IDS: Re: HTTP LOG files Labeling


From: <abhicc285_at_gmail.com>
Date: 21 May 2008 05:15:22 -0000
Hi Wei,

There can be many ways to classify/label the log files. I think one of the methods can be to classify them as per the application type. For example, the sample log is using Mozilla.

Another option is to classify them as per the extension of the files (dynamic or static files). For example, in the sample log file, the extension of the file is .gif.

I hope it helps.

Best Regards,
Abhishek Singh

>Hi All,

>We are working on anomaly detection of HTTP attacks.

>In fact, we have collected a large amount of HTTP logs (Apache server), but we didn't use IDS to label the data during collection.

>Does anyone know how to label the HTTP logs? For example: one HTTP log line like:

>burtul.xx.fr - - [10/May/2007:14:46:07 +0200] "GET /ariana/Images/Icones/sound.gif HTTP/1.0" 200 579 http://www-sop.inria.fr/ariana/fr/xx "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.13) Gecko/20060417"

>Any suggestions are very appreciated.

>Wei WANG
>INRIA
>2008-05-20

Received on May 21 2008
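
The two labeling schemes suggested in the reply above (by application type and by static/dynamic file extension), as an added example that is not part of the original thread. The extension sets, the rule that a query string implies dynamic content, the function names, and every sample line other than the one quoted in the thread are assumptions.

```python
import posixpath
import re
from collections import Counter

# Apache access-log line. The referer may be quoted or bare (it is bare in the
# thread's sample); referer and User-Agent are optional (common log format).
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: (?:"[^"]*"|\S+) "(?P<agent>[^"]*)")?'
)

# Assumed extension sets; adjust to the site being analysed.
STATIC_EXT = {".gif", ".jpg", ".jpeg", ".png", ".ico", ".css", ".js", ".html", ".htm", ".txt"}
DYNAMIC_EXT = {".php", ".cgi", ".pl", ".asp", ".aspx", ".jsp"}

def label_line(line):
    """Return (application, resource_type) for one log line, or None if unparseable."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    agent = (m.group("agent") or "").strip()
    # Application label: product token before the first "/" of the User-Agent.
    app = agent.split("/", 1)[0].split(" ", 1)[0] if agent not in ("", "-") else "unknown"
    path, _, query = m.group("target").partition("?")
    ext = posixpath.splitext(path)[1].lower()
    if ext in DYNAMIC_EXT or query:  # assumption: a query string implies dynamic content
        kind = "dynamic"
    elif ext in STATIC_EXT:
        kind = "static"
    else:
        kind = "unknown"
    return app, kind

def label_counts(lines):
    """Count lines per (application, resource_type); unparseable lines go under 'unparsed'."""
    return Counter(label_line(l) or "unparsed" for l in lines)

# First line is the sample quoted in the thread; the others are constructed.
SAMPLE_LINES = [
    'burtul.xx.fr - - [10/May/2007:14:46:07 +0200] "GET /ariana/Images/Icones/sound.gif HTTP/1.0" '
    '200 579 http://www-sop.inria.fr/ariana/fr/xx "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.13) Gecko/20060417"',
    '192.0.2.10 - - [10/May/2007:14:47:01 +0200] "GET /search.php?q=test HTTP/1.1" 200 1042 "-" "Wget/1.10.2"',
    '192.0.2.11 - - [10/May/2007:14:48:12 +0200] "POST /cgi-bin/form HTTP/1.0" 302 -',
    "not a log line",
]

if __name__ == "__main__":
    for key, n in label_counts(SAMPLE_LINES).items():
        print(key, n)
```

These labels group requests by client application and resource type; they do not mark a request as attack or normal traffic.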
