Web Server Log Analysis

  • Description: list of items to consider for web server forensic analysis

  • What to scrutinize

    • Excessive access attempts to non-existent files

    • Code (SQL, HTML) seen as part of the URL

    • Access to extensions you have not implemented

    • Web service stopped/started/failed messages

    • Access to β€œrisky” pages that accept user input

    • Look at logs on all servers in the load balancer pool

    • HTTP Error Codes

      • Error code 200 on files that are not yours

      • Failed user authentication: Error code 401, 403

      • Invalid request: Error code 400

      • Internal server error: Error code 500

  • Resources

PreviousSysmonNextWindows Log Analysis

Last updated