Now that we know about web server logs, let's learn about web server software. The first will be the Apache web server.
Apache is open-source web server software maintained by the Apache Foundation.
The default location of the logs is the one shown here for Linux and Windows.
httpd.conf is the file where you can set the log configuration, including the log format. Here, the default log format.
You can find more details on the Apache web page.
Let's understand the log fields in the Apache web server log.
Here we have all the key fields:
RFC 1413, user ID, date and time, method and so on.
It is the same format as the previous example,
with different values in the fields.
Remember, the hyphen means no information for that field.
Now let's analyze these two lines of logs
to answer our questions: who, when and what.
We will use a table to help us identify the key fields.
Here, the result for the first line.
All the key fields are present. Now the result for the second line.
Now we have the answer for who, when and what.
In addition, we have the referrer and the user agent.
After the Apache web server,
let's talk about Nginx logs; it's pretty similar to Apache. Here, the default location of its logs
and also the default configuration, including logging.
nginx.conf contains the log configuration for both Linux and Windows,
including the log format.
Let's understand the Nginx log line.
A good thing is that Nginx logs look like the Apache logs.
Basically, we have the same fields:
client IP, RFC 1413, user ID, date and time, method, requested file, HTTP version and so on.
It's always better to practice, so
let's analyze two lines of logs from Nginx.
Here, the results of the first line,
followed by the referrer and the user agent.
Remember, the hyphen means no information for that field. So in this line we don't have the referrer.
And the result for the second line,
with the referrer and the user agent.
Now we can answer the who, when and what.
Our next web server will be Microsoft IIS. Microsoft IIS is a little different from the other two, but this will not be a problem. Here, the default log location.
All the server configurations, including logging,
are made in IIS Manager,
a graphical user interface. As information, the log options for IIS look like this.
Even if the log looks a little different, it should contain all the needed log fields.
Let's understand the IIS log.
Here you have an example of an IIS log.
First we have the date and time.
Next is the web server IP address,
followed by the HTTP method.
We have the requested file,
followed by a specific space for the URI query.
The server port is 80, so it should be an HTTP request. Remember that 80 is common for HTTP and 443 is common for HTTPS.
Next, the username, which is the same as the user ID,
client IP address, user agent,
status codes, Windows-related fields, and the time taken to answer the request.
We have many fields, right? But we have all the needed fields.
Now let's analyze two lines of logs from IIS.
We need to change our table a little.
Filling the table, we have the result.
See, not so different from Apache and Nginx.
Now the second line. If you want to try, pause the video and answer.
Here, the results of the second line.
One of the differences is the server port.
It is possible to have this field in Apache and Nginx.
It is also possible to have two different log lines, one for TCP port 80 and another for TCP port 443.
Not only the access log file can be used to analyze the web server. There are other log files. One good example is the error log file.
It is like debug information.
All web server software contains an error log file. Here, some examples of locations
for Nginx, Apache and IIS.
Check the Apache website to look for more information about error logs. Here, the address about the error log in Apache.
To make things clear, these two logs are from a web server.
The first is the error log and the second is the related access log.
Both logs were generated by the same request.
The access log line will have the client request, and the error log will have the debug information about the request.
You can find similar information in both logs, like the client IP address, the requested file and the method.
So if you don't have enough information in the access log, you can look at the error log.
It could be really helpful during the analysis.
As the first post-assessment question:
which items below are examples of information provided by the web server logs?
You can pause the video if you want.
Here, the description of each option.
For the next question, extract the information from the logs below into the table.
Here you have the answer
to our questions: who, when and what.
In addition, it is important to identify which web server generated these logs.
The first log is from IIS. The second one looks like an Apache or Nginx log.
To solve this question, it's better to ask the server admin. In this case, the log is from an Nginx server.
It is common for a company to have different flavors of web servers in the same company. You can find Apache, Nginx and IIS. That's why it's important to know the main web server software. Even if the software is different, you need to find this information.
Video summary. In this video, we started by defining what logs are, with examples.
After, we explained the fields in the web application log
or web server log. And finally we went through Apache, Nginx and IIS logs, showing how to get the information in the log fields.
To finish, we talked about error logs and how they can help us in the analysis.
In the next video, you'll see some considerations about log analysis. We'll talk about freak requests, the difference between a NOC and a SOC analyst.
And we will warn about some mistakes that can happen when you do web log analysis.
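
Added example, not part of the video or its slides: a small Python parser that fills the who / when / what table for an Apache or Nginx combined-format line and for an IIS W3C log, treating the hyphen as "no information". The sample log lines are constructed for illustration, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Apache and Nginx "combined" layout: client IP, RFC 1413 identity, user ID,
# [date and time], "method file version", status, size, "referrer", "user agent".
COMBINED = re.compile(
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<file>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)")?$')

def dash(value):
    """A hyphen means no information for that field."""
    return None if value in (None, "-") else value

def parse_combined(line):
    m = COMBINED.match(line.strip())
    if m is None:
        raise ValueError("not a common/combined log line")
    when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
    return {"who": m["ip"], "user": dash(m["user"]), "when": when.isoformat(),
            "what": f'{m["method"]} {m["file"]}', "status": int(m["status"]),
            "referrer": dash(m["referrer"]), "agent": dash(m["agent"])}

def parse_iis(text):
    """IIS W3C log: the '#Fields:' directive names the columns of later lines."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            f = dict(zip(fields, line.split()))
            rows.append({"who": f["c-ip"], "user": dash(f["cs-username"]),
                         "when": f'{f["date"]}T{f["time"]}Z',  # IIS logs in UTC
                         "what": f'{f["cs-method"]} {f["cs-uri-stem"]}',
                         "port": int(f["s-port"]), "status": int(f["sc-status"]),
                         "agent": dash(f["cs(User-Agent)"])})
    return rows

# Constructed sample lines (documentation IP ranges), not taken from the video.
APACHE_LINE = ('203.0.113.7 - alice [10/Oct/2023:13:55:36 +0000] '
               '"GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"')
IIS_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-10-10 13:55:36 192.0.2.10 GET /default.htm - 80 - 198.51.100.23 Mozilla/5.0+(Windows+NT+10.0) 200 0 0 15"""

if __name__ == "__main__":
    print(parse_combined(APACHE_LINE))
    print(parse_iis(IIS_LOG))
```

Because `parse_iis` reads the column order from `#Fields:`, it keeps working when an administrator enables or disables fields in IIS Manager.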