
Log Analysis - Manual

Opening log files

You can copy the exe file to any folder you want, even to a USB disk. There is no need to run an installer. For example, you could copy the executable to any folder containing log files and create a shortcut on your desktop to run it.

When you start the log analysis program, it will automatically look for log files (*.log) in the following order:

  • the current folder
  • subfolders with the names LogFiles, LogFile, Logs, Log

If there is only one log file, it will automatically open it. If there are more log files, a dialog is shown to select the log file to open. You can also cancel this dialog and open a log file with the menu File --> Open.

Viewing log entries

The viewer is split into two sections:

  • List of log entries. This shows the log entries in a scrollable grid. The program will automatically try to detect the field separator by looking for a #Fields header or by scanning the file for certain separators.
  • Details view for showing the currently selected log entry in the list. The details window will show the log entry on multiple lines (each field on a separate line). It will also detect uppercase keywords in the log entries and show them in red.

You can leave the application running. If entries are added to the log file, the application will automatically append them to the list when you click in the log entries list or press F5.

Filter log entries

When you select something in the details view, you can filter it by right-clicking or going to the menu View --> Filter.

You can filter log entries for certain text. This filter can be set to include records with the string or to exclude those records.

You can also save your filter settings for later use. A file LogAnalysis.ini will be made if you go to View --> Save. Next time you start the application, the settings are loaded from this file.

DNS and WHOIS lookup

When you select something in the details view, you can do a DNS or WHOIS lookup by right-clicking or going to the menu Edit.

You can perform WHOIS lookups on an IP address that you selected in the detail view. The default WHOIS server is whois.arin.net. The tool will automatically perform recursive WHOIS lookups if you are not on the right WHOIS server.

The following are the most used WHOIS servers you can select from the drop down list. You can also type another WHOIS server.

  • whois.arin.net
  • whois.ripe.net
  • whois.apnic.net
  • whois.lacnic.net
  • whois.afrinic.net

More information about the WHOIS protocol.

Opening custom log files

When you open a log file where the fields are not defined and they are not separated by a certain separator character (tab, comma, semi-colon...), you can specify the field separator text yourself:

Merging log files

If you want to merge multiple log files to one file for analysis, you can run this in a command prompt:

copy *.log merged.log
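
Added example (not part of the original manual and not AQTRONiX code): a merged file carries each source file's header lines, so a script that processes merged.log has to re-read every #Fields header it meets, and fall back to scanning for a separator when there is none, as described under "Viewing log entries". The candidate separator list, the "same count on every line" heuristic and all function names are assumptions made for this sketch, not the tool's actual logic.

```python
CANDIDATES = ["\t", ";", ",", "|", " "]  # assumed candidates, in priority order

def separator_from_header(header_line):
    """Derive (separator, field names) from a '#Fields:' directive."""
    body = header_line.split(":", 1)[1].strip()
    for sep in CANDIDATES:
        if sep in body:
            return sep, [name.strip() for name in body.split(sep)]
    return None, [body]

def guess_separator(data_lines, sample=50):
    """Fallback scan: pick the candidate that occurs the same non-zero number
    of times on every sampled line, preferring the highest count."""
    rows = [l for l in data_lines if l.strip() and not l.startswith("#")][:sample]
    best, best_count = None, 0
    for sep in CANDIDATES:
        counts = {row.count(sep) for row in rows}
        if len(counts) == 1:
            n = counts.pop()
            if n > best_count:
                best, best_count = sep, n
    return best

def parse_log(lines):
    """Parse a (possibly merged) log into dicts, switching layout at every
    '#Fields:' header so files with different fields can share one file."""
    lines = [l.rstrip("\r\n") for l in lines]
    sep, names = guess_separator(lines), None
    entries = []
    for line in lines:
        if line.startswith("#Fields:"):
            sep, names = separator_from_header(line)
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no entry
        else:
            values = [v.strip() for v in line.split(sep)] if sep else [line]
            keys = names if names and len(names) == len(values) else range(len(values))
            entries.append(dict(zip(keys, values)))
    return entries

# Constructed sample: two log files with different layouts, merged into one.
SAMPLE_MERGED = [
    "#Software: ExampleServer (constructed)",
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2008-03-10 12:00:00 192.0.2.10 GET /index.html 200",
    "#Fields: Date ; Time ; Client IP ; Event",
    "2008-03-10 ; 12:00:05 ; 198.51.100.7 ; BLOCKED: constructed sample event",
]
```

Entries whose value count does not match the current header are keyed by column position instead of field name, which makes a mis-detected separator easy to spot.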

Published: 3/10/2008
Document Type: General
Last modified: 9/05/2013
Target: Administrator
Visibility: Public
Language: English
