2. Today's Discussion
Topics
• What are logs?
• Who creates logs?
• Basic Terminology
• Server Logs
• Server Classification
• Uncovering the Web Server Logs
• Uncovering FTP Server Logs
• Analyzing Server Logs
3. What are logs?
• A file that lists actions that have occurred. For example, web servers maintain log files listing every request made to the server. With log file analysis tools, it's possible to get a good idea of where visitors are coming from, how often they return, and how they navigate through a site.
4. Who creates logs?
• Most operating systems store logs for user actions and events.
• All major software from professional vendors creates logs for its installation on a digital system.
• Logs on Windows are stored in the Registry, %appdata%, etc.
• Logs on Linux are stored in /var/log.
5. Basic Terminology
• Server: A server is both a running instance of some software capable of accepting requests from clients, and the computer such a server runs on.
• Web Server: An information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The primary function of a web server is to store, process and deliver web pages to clients.
6. Basic Terminology (contd.)
• FTP: The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.
7. Server Logs
• A server log is a log file (or several files) automatically created and maintained by a server, consisting of a list of the activities it performed. Example: a web server log, which maintains a history of page requests.
• These files are usually not accessible to general Internet users, only to the webmaster or other administrative staff.
• Log data is often grouped into different files based on the log type. Examples: access log, error log, referrer log, etc.
8. Server Classification
• Different servers do different work.
• Some types:
– Telnet Server
– FTP Server
– HTTP Server
– Web Server
9. Uncovering the Web Server Logs
• A web server logs every request (GET/POST methods) to files, together with the URL and other information.
• From the URLs, a user's motives can be inferred.
Example:
URL: http://example.com/product?id='+UNION+SELECT+1,2,3,4+
The above tells the forensic investigator that an attempt is being made to perform SQL injection. Along with this we also get the client IP, and can thereby try to track the IP's location and ISP.
10. Uncovering the FTP Logs
Logs and/or config are stored as .xml files (as observed with FileZilla).
11. Uncovering the FTP Logs (contd.)
• The connection log shows host, user and password information.
12. Analyzing Server Logs
• Knowing the log format
– Logs save data in a particular format.
– The log format can be configured.
– Example: Log4j, SLF4J
• Properly handling the log files and preserving the log metadata
• Building scripts (Perl, Python, Shell) to automate analysis, and using search utilities like grep to find the interesting information.
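As an added example (not part of the original slides), a Python script of the kind the last point describes: it parses combined-format access-log lines, flags URLs carrying SQL injection markers such as the UNION SELECT probe shown on slide 9, and groups the hits by client IP so the investigator can pivot to the source address. The log-format regex, the marker patterns and the sample lines are constructed here for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Common/combined log format as written by Apache httpd and nginx (assumed layout).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Markers typical of SQL injection probing, matched against the percent-decoded URL.
SQLI_RE = re.compile(r"(union\s+select|'\s*or\s+|--\s*$|sleep\(|information_schema)", re.I)

def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_sqli(url):
    """True when the decoded URL carries one of the SQL injection markers above."""
    return bool(SQLI_RE.search(unquote_plus(url)))

def find_sqli_attempts(lines):
    """Group suspicious requests by client IP: {ip: [(time, method, url), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_sqli(rec["url"]):
            hits[rec["ip"]].append((rec["time"], rec["method"], rec["url"]))
    return dict(hits)

# Constructed sample lines (not from any real server); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /product?id=1 HTTP/1.1" 200 512',
    "203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] \"GET /product?id='+UNION+SELECT+1,2,3,4+ HTTP/1.1\" 500 230",
    '203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /product?id=1%27%20OR%201=1-- HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 302 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, reqs in find_sqli_attempts(SAMPLE_LOG).items():
        print(f"{ip}: {len(reqs)} suspicious request(s)")
        for t, m, u in reqs:
            print(f"  {t} {m} {u}")
```

Pointing `find_sqli_attempts` at `open("access.log")` runs the same check over a real file, one line at a time.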