It is important for you to periodically check the server's log file in order to determine if unauthorized people are trying to access secured documents. This is done by checking the status code in the log file entries.
Every status code is a three-digit number. The first digit defines how your server responded to the request. The last two digits do not have any categorization role. There are five values for the first digit:
Below we list the most common status codes that can appear in your log file. You can find a complete list on the http://www.w3.org/pub/WWW/Protocols/HTTP/1.0/spec.html Web page.
Status code 401 is logged when a user attempts to access a secured document and enters an incorrect password. By searching the log file for this code, you can create a report of the failed attempts to gain entry into your site.
The code listing serchlog.pl shows how the log file could be searched for a specific error code, in this case 401.
serchlog.pl operates as follows:
The Perl for serchlog.pl is as follows:
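#!/usr/bin/perl -w

# Report line: remote site name (left-justified) and its 401 count.
format =
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<  @>>>>>>>
$site,                                   $count
.

# Page header: centered title, page number ($%) and column headings.
format STDOUT_TOP =
@||||||||||||||||||||||||||||||||||||  Pg @<
"Unauthorized Access Report",          $%

Remote Site Name                         Access Count
---------------------------------------  ------------
.

# Split the log entry in $_ into its eleven fields.
sub parseLogEntry {
    my($w) = "(.+?)";
    # Return an empty list for a malformed line so that values left over
    # from an earlier match are never counted.
    return() unless m/^$w $w $w \[$w:$w $w\] "$w $w $w" $w $w/;
    return($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11);
}

$LOGFILE = "access.log";
open(LOGFILE, '<', $LOGFILE) or die("Could not open log file: $!");
foreach (<LOGFILE>) {
    # Field 0 is the remote site name, field 9 is the status code.
    ($site, $status) = (parseLogEntry())[0, 9];
    next unless defined($status);

    if ($status eq '401') {
        $siteList{$site}++;
    }
}
close(LOGFILE);

@sortedSites = sort(keys(%siteList));
if (scalar(@sortedSites) == 0) {
    print("There were no unauthorized access attempts.\n");
}
else {
    foreach $site (@sortedSites) {
        $count = $siteList{$site};
        write;
    }
}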
This program displays:
     Unauthorized Access Report        Pg 1

Remote Site Name                         Access Count
---------------------------------------  ------------
ip48-max1-fitch.zipnet.net                      1
kairos.algonet.se                               4
You can expand this program's usefulness by also displaying the logName and fullName items from the log file.
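One way to make that extension, as an added example that is not part of the original listing: it counts 401 entries per combination of remote site, logName and fullName, and skips lines that do not parse. The log entries are constructed sample data, and the names parse_log_entry and tally_401 belong to this example only.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample entries in Common Log Format (not from a real server).
my @sample = (
    'kairos.algonet.se - - [08/Jun/1996:10:01:12 -0400] "GET /secure/ HTTP/1.0" 401 312',
    'kairos.algonet.se - admin [08/Jun/1996:10:01:20 -0400] "GET /secure/ HTTP/1.0" 401 312',
    'kairos.algonet.se - admin [08/Jun/1996:10:01:27 -0400] "GET /secure/ HTTP/1.0" 401 312',
    'ip48-max1-fitch.zipnet.net - root [08/Jun/1996:11:40:03 -0400] "GET /secure/ HTTP/1.0" 401 312',
    'ip48-max1-fitch.zipnet.net - - [08/Jun/1996:11:41:00 -0400] "GET /index.html HTTP/1.0" 200 2048',
    'truncated line with no status code',
);

# Return (site, logName, fullName, status), or an empty list when the line
# does not look like a log entry, so stale values are never counted.
sub parse_log_entry {
    my ($line) = @_;
    return $line =~ m/^(\S+) (\S+) (\S+) \[[^\]]+\] "[^"]*" (\d{3}) \S+/;
}

# Count 401 responses per (site, logName, fullName); also count skipped lines.
sub tally_401 {
    my %count;
    my $skipped = 0;
    for my $line (@_) {
        my @fields = parse_log_entry($line);
        if (!@fields) { $skipped++; next; }
        next unless $fields[3] eq '401';
        # Log fields are client-supplied: replace non-printable bytes.
        s/[^\x21-\x7e]/?/g for @fields;
        $count{ join "\t", @fields[0 .. 2] }++;
    }
    return (\%count, $skipped);
}

my ($count, $skipped) = tally_401(@sample);
printf "%-28s %-8s %-8s %5s\n", 'Remote Site Name', 'logName', 'fullName', 'Count';
for my $key (sort keys %$count) {
    printf "%-28s %-8s %-8s %5d\n", split(/\t/, $key), $count->{$key};
}
print "Skipped $skipped malformed line(s).\n" if $skipped;
```

On a 401 entry the fullName field holds whatever user name the client supplied, so read it as the name that was attempted, not as an authenticated identity.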