Apache Httpd¶
Description¶
Constructor : Apache fondation
Product : Httpd (web server)
Log type(s) : WEB
Theoretical injector performance¶
19564 EPS
Log sample¶
1 | Jan 17 08:10:31 host33 189.171.106.136 - ted [01/Jan/2013:10:00:00 +0100] "GET /style2.css HTTP/1.1" 200 19713 "http://www.semicomplete.com/blog/geekery/bypassing-captive-portals.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" |
1 | Jan 17 08:10:31 host25 189.144.140.2 - ced [01/Jan/2013:02:00:00 +0100] "GET /ref/index.html HTTP/1.1" 200 3279 "http://www.semicomplete.com/blog/geekery/bypassing-captive-portals.html" "Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1" |
Fields normalization¶
Mandatory :
| Normalized fields | Parsed fields |
|---|---|
| [type] | |
| [obs][ts] (date) | [timestamp] |
| [target][uri][urn] | [request] |
| [init][process][name] | [agent] |
| [app][return][code] | [response] |
| [session][out][byte] | [bytes] |
| [init][host][ip] | [clientip] |
| [app][method] | [verb] |
| --------------------------------------------- |
Optional :
| Normalized fields | Parsed fields |
|---|---|
| [target][host][name] | [rep][host][name] |
Enriched :
| Normalized fields | Parsed fields |
|---|---|
| [taxo][nf][alarm] | from taxonomy.json (default: ) |
| [taxo][nf][sev] | from taxonomy.json (default: 2) |
| [action] | from http_codes.json |