# Where are my web log files?



## uoba (Jun 26, 2002)

Hello

Just downloaded Analog to use for web logging, but, where are my web log files stored, and how do I get them to work in Analog?

[EDIT]:

OK, I've found an access_log for Apache, here's an additional question:

Looking through the list of connections, I can see my machine's own number when testing web pages internally (this is my home machine I'm testing on). However, there seem to be a few IP addresses that are not mine, with some dodgy-looking paths on there. What do you think:

```
212.0.132.10 - - [21/May/2002:00:02:30 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
212.0.132.10 - - [21/May/2002:00:02:32 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
212.0.132.10 - - [21/May/2002:00:02:33 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
212.0.132.10 - - [21/May/2002:00:02:35 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
212.0.132.10 - - [21/May/2002:00:02:36 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
```

and also...

```
62.3.17.158 - - [26/May/2002:10:52:30 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
62.3.17.158 - - [26/May/2002:10:52:32 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
62.3.17.158 - - [26/May/2002:10:52:34 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
62.3.17.158 - - [26/May/2002:10:52:36 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
62.3.17.158 - - [26/May/2002:10:52:37 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
```

I gather from the information it's a Windows search, but is it someone trying their chances (these hark back to when I was still sorting out the network; I haven't had such logs since the firewall and router were configured)?


----------



## jimr (Jun 26, 2002)

*HeHeHeHeHe* 

some turkeys actually use windows, you know...

On top of that they are ppp users and they have IIS personal webserver enabled by default ...and... they have been infected by either code red, nimda or <FLAVOR OF THE WEEK> web worm/virus for windows. Then their pathetic excuse for an operating system allows the machine to continuously search the web for other possible inhabitable environments, which your machine is not one of....

Additionally, those users are so out of it that not only do they never notice that the performance of the machine is hampered, but they never ever read any announcements on the net, which are all at least 10 or 12 months old:
Warning the jerks to go to microsoft every 30 minutes to download the latest patch software.

But who has time for that anyway since all of their on-line time is spent searching yahoo for kiddie porn...

those probes to your machine are not only dodgy, they are _perverse_...evil.

and speaking of evil M$ now has the perfect solution 

the project is called *Palladium* but they will change the name to MSgimmeeyourwallet and put on these MShandcuffs

One more product is planned which will be called MSkickOpenSourceintheBallser  which really has nothing to do with online security but is a good bit of fun while you wait for MShandcuffs to _verify_ your keys.....

those bogus requests won't hurt you but they may annoy the hell out of you.

------------------------------------------
M$ has no business on the .NET so they have decided to become information highwaymen
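
To separate worm probes like the ones quoted above from real traffic in an Apache access log, the requests can be matched against the paths seen in this thread. This is an added example, not part of the original posts; the sample lines are constructed (documentation IP 192.0.2.10) and the signature names are made up for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')

# Illustrative signatures built from the request paths quoted in the thread.
SIGNATURES = {
    "root.exe probe": re.compile(r"/root\.exe$", re.I),
    "cmd.exe probe": re.compile(r"/cmd\.exe$", re.I),
    "directory traversal": re.compile(r"\.\.[\\/]"),
}

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so double encoding (%255c -> %5c -> \\) shows up."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(line):
    """Return (ip, status, [signature names]), or None if the line is not CLF."""
    m = CLF.match(line.strip())
    if not m:
        return None
    ip, _time, _method, target, status, _size = m.groups()
    path = decode_fully(target.split("?", 1)[0])
    hits = [name for name, rx in SIGNATURES.items() if rx.search(path)]
    return ip, int(status), hits

def summarize(lines):
    """Per-IP count of probe requests and how many of them got a 2xx answer."""
    report = defaultdict(lambda: {"probes": 0, "succeeded": 0})
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[2]:
            ip, status, _hits = parsed
            report[ip]["probes"] += 1
            report[ip]["succeeded"] += int(200 <= status < 300)
    return dict(report)

# Constructed sample lines modelled on the log excerpt in the first post.
SAMPLE = [
    '192.0.2.10 - - [21/May/2002:00:02:30 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [21/May/2002:00:02:33 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284',
    '192.0.2.10 - - [21/May/2002:00:02:36 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298',
    '127.0.0.1 - - [21/May/2002:00:05:00 +0100] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A "succeeded" count above zero would mean the server answered a probe with a 2xx status and is worth a closer look; in the excerpt posted here every probe got a 404.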


----------



## uoba (Jun 26, 2002)

That's made me feel better ...

I traced one of the IPs to an Egyptian company's web site, and another to a Windows Server login page. Oh well.


----------



## rinse (Jun 26, 2002)

i get hundreds of requests like that a week. stupid code red. i hate how it clogs up my logs....


uoba, how about analog? it rocks, right!


----------



## uoba (Jun 26, 2002)

but I ain't figured out how to get it to automatically read my Apache log file without first copying it to the desktop and placing it into the Analog folder!

Also (but I haven't really looked properly yet), the log for things like users' systems and browsers etc. wasn't apparent.

But it works just nice


----------



## hcoffman (Jan 26, 2003)

Hi, 

A couple of questions concerning the server logs. I am running OS X 1.5.1.

I was able to find the files at /var/log/httpd/ by using terminal.

(1) How do I copy/move these files so I can run an application (Summary) to analyze the logs? I tried stopping the server and copying, but I did not have privileges to save the file. I was operating from an administrative account. It obviously doesn't have the privileges I need. 

Does the server have to be stopped to copy the logs?

Based on previous comment, do I just save them to desktop space? Is this done only in terminal or can I navigate to these files using the UI?

Does anyone have a routine that copies/renames the files for periodic traffic reporting and then start the logging again. I'd like to grab weekly statistics and analyze them.

Many thanks,

Howard


----------



## hcoffman (Jan 28, 2003)

Update: Now that I know where the files are located I am grabbing them via FTP.

Thanks!


----------



## TommyWillB (Feb 1, 2003)

There are a couple other existing threads on this subject:
http://www.macosx.com/forums/showthread.php?s=&threadid=10489&highlight=cmd.exe
http://www.macosx.com/forums/showthread.php?s=&threadid=6915&highlight=NIMDA
http://www.macosx.com/forums/showthread.php?s=&threadid=26629&highlight=cmd.exe
I also posted this question to another forum:
http://forums.devshed.com/t49234/s.html


----------

