My First Log Monitoring

gamzatti

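There have been many attacks on Struts 2 vulnerabilities, and I wanted to look at the trends in the requests, so I set up Struts on my own server and decided to monitor the logs.

I installed the latest version of Struts (of course) and also applied a servlet filter, but vulnerabilities keep coming out one after another, so I'm a little nervous ^^; On the other hand, having set up the environment, part of me wants the requests to come... (lol)

I had installed a log monitoring tool but had not been making any real use of it, so I thought this was a good opportunity and configured it to send an alert mail when something is detected.

By the way, so far no such requests seem to have arrived. I'm hoping to get some useful information.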

Example of Servlet filter


1 Comment


Since attacks leveraging vulnerabilities of Struts 2 have been observed recently,
I've just implemented a Struts application and started monitoring logs
in order to analyze malicious requests.

Though I installed the newest version and also implemented a Servlet filter,
I'm a little nervous because new vulnerabilities are disclosed one after another.
On the other hand, I might be hoping for suspect requests somewhere in my heart,
as I've configured the environment for verification.

I have not been able to use the log monitoring tool effectively so far,
so I think this is a nice opportunity.
I configured the tool to send an alert mail if any suspect requests are detected.

I have not observed any malicious requests so far,
however I hope I'll be able to get useful results.


About this Entry

This page contains a single entry by gamzatti published on March 18, 2017 2:45 PM.
