Site Logs Analysis
February 26, 2024
Step One:
Perform a table record count analysis.
[Image: IP Record Count]
Step Two:
Perform a selected pattern analysis on the IP address.
[Image: IP Address Pattern]
Step Three:
Select an IP address and view the identification it sent. In the table summary it can be seen that the probe is either changing its identification or it is a botnet.
[Image: IP Response Source]
Step Four:
Narrow the selected IP address with the Advanced/Sort Search to responses other than 404 and sort by time.
[Image: IP Table Search]
Step Five:
View the Summary Table with most fields collected from the log. Notice the requests searching for particular files. I have removed the response and bytes fields from the summary.
[Image: IP Table Summary]
Step Six:
Perform a Summary Table CSV export of the selected IP with the standard yyyy-mm-dd database timestamp format and a semicolon delimiter.
[Image: IP Summary Table Export]
This is all done with the standard log files generated by the site, using Ajqvue with a local H2 file database.
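The six steps above as queries, in an added example that is not part of the original post: it stands in for the Ajqvue/H2 workflow with Python's built-in sqlite3 on constructed log lines, assumes a table named site_log (hypothetical), and reads "identification" as the User-Agent string.

```python
import csv
import io
import re
import sqlite3
from datetime import datetime

# Constructed sample lines in combined log format (not real traffic); the first IP probes files and changes its agent.
LOG_LINES = [
    '203.0.113.7 - - [26/Feb/2024:10:01:05 +0000] "GET /.env HTTP/1.1" 404 512 "-" "curl/8.0"',
    '203.0.113.7 - - [26/Feb/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Feb/2024:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '198.51.100.4 - - [26/Feb/2024:10:02:00 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Feb/2024:10:03:00 +0000] "GET /admin HTTP/1.1" 403 128 "-" "curl/8.0"',
]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<agent>[^"]*)"$')

def to_db_timestamp(ts):
    """'26/Feb/2024:10:01:02 +0000' -> '2024-02-26 10:01:02', the yyyy-mm-dd database format."""
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").strftime("%Y-%m-%d %H:%M:%S")

def load_logs(lines):
    """Parse log lines into an in-memory SQLite table standing in for the H2 one (hypothetical name site_log)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE site_log (ip TEXT, ts TEXT, request TEXT, response INTEGER, bytes INTEGER, agent TEXT)")
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # skip lines that do not parse instead of aborting the whole load
            db.execute("INSERT INTO site_log VALUES (?, ?, ?, ?, ?, ?)", (m["ip"], to_db_timestamp(m["ts"]),
                       m["req"], int(m["status"]), 0 if m["bytes"] == "-" else int(m["bytes"]), m["agent"]))
    return db

def record_count(db, ip_pattern="%"):
    """Steps one and two: records per IP, optionally limited to a LIKE pattern such as '203.0.113.%'."""
    return db.execute("SELECT ip, COUNT(*) FROM site_log WHERE ip LIKE ? GROUP BY ip ORDER BY 2 DESC, ip", (ip_pattern,)).fetchall()

def identifications(db, ip):
    """Step three: distinct identification (User-Agent) strings one IP sent; several is the signal the post notes."""
    return [r[0] for r in db.execute("SELECT DISTINCT agent FROM site_log WHERE ip = ? ORDER BY agent", (ip,))]

def non_404_by_time(db, ip):
    """Step four: the IP's requests that got a response other than 404, sorted by time."""
    return db.execute("SELECT ts, request, response FROM site_log WHERE ip = ? AND response <> 404 ORDER BY ts", (ip,)).fetchall()

def export_csv(db, ip):
    """Step six: semicolon-delimited summary export with response and bytes left out, as in the post."""
    w = csv.writer(out := io.StringIO(), delimiter=";", lineterminator="\n")
    w.writerow(["ip", "timestamp", "request", "agent"])
    w.writerows(db.execute("SELECT ip, ts, request, agent FROM site_log WHERE ip = ? ORDER BY ts", (ip,)))
    return out.getvalue()
```

Against a real H2 file the same SELECT statements run unchanged from Ajqvue; only the loader and the CSV writer are SQLite/Python specific.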
Files:
H2 DDL SQL File
IP Address CSV File