Apache2 access log generator

A simple php file that can generate fake apache2 access log files.

Usage

You can add your own .settings.php.

git clone git@github.com:theodorosploumis/apache-log-generator.git
cd apache-log-generator

Execute using php:

// Generate date limited files starting from '19 May 2019' (timestamp '1558137601') 
// with offset '1 Day' (86400) and row limit 10k rows by file
php -r "require 'index.php'; generateLogsByDates(1558137601, 86400, 10000);"

// Generate date limited files starting from 'now' (timestamp '0') 
// with offset '1 Day' and row limit 10k rows by file
php -r "require 'index.php'; generateLogsByDates(0, 86400, 10000);"

---

Log formats

See apache2 mod_log_config for more details.

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

---

Log analyzers for security problems

• scalp

python scalp/scalp.py -l logs/combined-generated-logs.log.1 --html --output ~/scalp/export

• lorg

./lorg -d phpids -i combined logs/combined-generated-logs.log.1

• ryanermita/apache-logs-analyzer

python src/parse_logs.py -c get_sql_injections -F logs/combined-access.log

• fhidalgo/attacks_checker

TBD

• matsuu/kataribe

cat logs/combined-access.log | ./kataribe

• retep007/webserver-log

# Example of one file apache logs at webserver_log.conf settings file

---
reporting:
  - Std:
      verbose: false
xss_level: Intelligent
services:
  - Apache:
      path: logs/combined-generated-logs.log.1

// Add your settings at secutity-log.yaml
./webserver_log -c webserver_log.conf

• pobyzaarif/hansipy

python hansipy.py

• nekhbet/WebForensik

// For a more current version please check "lorg" tool above
./webforensik.php -o html -i combined logs/combined-generated-logs.log.1

• flrnull/http-logs-analyzer

http-logs-analyzer -f logs/combined-generated-logs.log.1

• kzon/http-access-log-parser

php parser.php logs/combined-generated-logs.log.1

• tilfin/detect-http-attack

./detect-http-attack.rb -s 8 < /var/log/apache/access_log

• pinguinens/AnalyzeMyAccessLog

php parser.php logs/combined-generated-logs.log.1

• LagrangianPoint/Apache-Access-Log-Analyzer

python access-log-analizer.py

• EventLogAnalyzer

---

Visualize logs examples

• request-log-analyzer

request-log-analyzer --apache-format combined logs/combined-generated-logs.log.1
request-log-analyzer --apache-format common /etc/log/all.log --output HTML --file ~/ruby-apache-log-analyzer.html

• goaccess

goaccess --log-format=COMBINED -o myreport.html --real-time-html -f logs/combined-generated-logs.log.1
goaccess -o goaccess-report.html -f ~/logs/all.log -p goaccess.conf

• antirez/visitors

// See examples at http://www.hping.org/visitors
./visitors -f myreport.html logs/combined-generated-logs.log.1

• cavo789/apache_logreader

• kbence/logan

logan

• logswan

logswan -g logs/combined-access.log

• webalizer

webalizer -c clf logs/combined-generated-logs.log.1

• awstats

• https://github.com/pbek/loganalyzer

• rory/apache-log-parser

---

License

MIT 2019