
tahz7 / traffic_analyser

Licence: MIT license
Retrieve useful information from apache/nginx access logs to help troubleshoot traffic related problems

Programming Languages

python

Projects that are alternatives of or similar to traffic analyser

lunaticlog
Fake HTTP log generator module, test if your monitor system can survive under the log spikes.
Stars: ✭ 35 (-20.45%)
Mutual labels:  log, apache, traffic
Netcap
A framework for secure and scalable network traffic analysis - https://netcap.io
Stars: ✭ 1,519 (+3352.27%)
Mutual labels:  analysis, traffic
analog-ce
Analog CE
Stars: ✭ 14 (-68.18%)
Mutual labels:  log, apache
WELA
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+904.55%)
Mutual labels:  log, analysis
Siem
SIEM Tactics, Techniques, and Procedures
Stars: ✭ 157 (+256.82%)
Mutual labels:  log, analysis
Kataribe
Access log profiler based on response time
Stars: ✭ 298 (+577.27%)
Mutual labels:  log, apache
Lucenenet
Apache Lucene.NET
Stars: ✭ 1,704 (+3772.73%)
Mutual labels:  analysis, apache
Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (+545.45%)
Mutual labels:  log, analysis
Flog
🎩 A fake log generator for common log formats
Stars: ✭ 531 (+1106.82%)
Mutual labels:  log, apache
Nginx Lua Anti Ddos
An Anti-DDoS script to protect Nginx web servers using Lua with an HTML/JavaScript based authentication puzzle inspired by Cloudflare's "I am under attack" mode.
Stars: ✭ 295 (+570.45%)
Mutual labels:  ddos, traffic
VIAN
No description or website provided.
Stars: ✭ 18 (-59.09%)
Mutual labels:  analysis
l
Cross-platform html/io [L]ogger with simple API.
Stars: ✭ 26 (-40.91%)
Mutual labels:  log
addon-log-viewer
Log Viewer - Home Assistant Community Add-ons
Stars: ✭ 37 (-15.91%)
Mutual labels:  log
DDoS-Script
A script written in perl for ddos with automatic detection of open and vulnerable port that gives up to 1.5 gb packages / s
Stars: ✭ 30 (-31.82%)
Mutual labels:  ddos
ghidra-findcrypt
Ghidra analysis plugin to locate cryptographic constants
Stars: ✭ 138 (+213.64%)
Mutual labels:  analysis
COVID19-Algeria-and-World-Dataset
A COVID-19 dataset with 90 World countries including Algeria.
Stars: ✭ 18 (-59.09%)
Mutual labels:  analysis
gosynflood
Demonstrates a synflood DDOS attack with raw sockets (for Ubuntu and Debian-like distros)
Stars: ✭ 88 (+100%)
Mutual labels:  ddos
atacr
Analysing Capture Seq Count Data
Stars: ✭ 14 (-68.18%)
Mutual labels:  analysis
app-application-logger
A small standalone Windows application to log the applications one is using
Stars: ✭ 13 (-70.45%)
Mutual labels:  log
Sparkora
Powerful rapid automatic EDA and feature engineering library with a very easy to use API 🌟
Stars: ✭ 51 (+15.91%)
Mutual labels:  apache

traffic analyser

description:

This script retrieves useful information to help troubleshoot traffic-related issues such as DDoS attacks, traffic spikes, brute-force attempts, xmlrpc attacks and fake spider/bot attacks.

It is designed to retrieve that information as quickly as possible, even when the log files are large and resource usage is constrained (server under heavy load).

requirements:

This script has been tested with the following:

  1. Python 2.6/2.7
  2. Ubuntu, CentOS/Red Hat
  3. Apache and Nginx

usage:

For quick basic usage with the default options you can run:

curl -s https://raw.githubusercontent.com/tahz7/traffic_analyser/master/traffic_analyser.py | python

For more options please check the wiki section here.

features:

The script detects whether you're using Apache or nginx and automatically finds the access logs they have open. The other features are separated into five option groups, which can be combined with each other:

Time Range

  • Check the last X minutes, hours or days. You can also specify two dates and search between them.
  • To help you identify patterns and spikes, the output lists the overall hits (within the date range you specify), the hourly hits and the 10-minute interval hits. The same breakdown is shown per IP/request.

Data

Every IP listed is shown with its country, city, ISP and hostname. Geo information can also be disabled.

  • Get the top X IPs with their top X requests.
  • Get the top X requests with their top X IPs.
  • Specify X IPs on the command line and get their top X requests.
  • Specify X requests on the command line and get the top X IPs making those requests (for example, you can check which IPs are hitting the request string ‘xmlrpc.php’ to see if there's an attack).

For any of the options above you can filter by 'POST' or 'GET' requests. The script also tells you how many unique requests an IP made, and how many unique IPs hit a given request.

Logs

  • Check all the logs that are opened by Apache/nginx.
  • Check only the logs in a specific directory (useful if you want to check old archived logs, which you can unzip into a directory and then check).
  • List all the logs that are opened by Apache/nginx and then choose from that list which logs the script should check (useful for checking logs per domain).
  • From the command line, list the file name(s) of the log file(s) you want the script to check.

Search Method

It's important to be able to retrieve the data as quickly as possible, particularly when the log files are large and the server is under heavy load.

One of the key features of the script is that it can read a log file from the bottom up. This is particularly useful because in most use cases you want recent data, which sits in the bottom part of the log file. Regardless of how big the log file is, if you only want data from the past 30 minutes or the past day, you get results quickly rather than having to scan the whole log file from top to bottom to find the relevant lines. As soon as the script reaches the ‘end date range’ it closes the log file without reading the remaining lines, since they cannot contain the data it needs. There are exceptions, such as when the data you want is closer to the top of the log file (for example data from a week ago in a very large log file), in which case you have the following options:

  • Check a log file from the top going down (once it reaches the ‘end date range’ it closes the log file).
  • In extremely rare instances Apache/nginx writes lines that are not in chronological order. This is usually a minimal amount of data, but if you suspect this and the missing lines matter for your use case, you also have the option to tell the script to read the whole log file, top to bottom, without breaking off.
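The bottom-up scan described above, combined with the per-IP/per-request tallies from the Data section, as an added example that is not the project's own code (written in Python 3 rather than the Python 2.6/2.7 the script targets). It assumes the default Apache/nginx "combined" log format and uses a constructed sample log; lines newer than the window are skipped and the scan stops at the first line older than the window, which relies on the log being in chronological order.

```python
import io, os, re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" format: ip - user [timestamp] "METHOD path HTTP/x" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # e.g. 10/Oct/2023:13:55:36 +0000

def reverse_lines(fobj, block_size=8192):
    """Yield lines of a binary file last-to-first, reading one block at a time."""
    fobj.seek(0, os.SEEK_END)
    pos, buf = fobj.tell(), b""
    while pos > 0:
        step = min(block_size, pos)
        pos -= step
        fobj.seek(pos)
        buf = fobj.read(step) + buf
        lines = buf.split(b"\n")
        buf = lines[0]  # possibly a partial line; completed by the next block
        for line in reversed(lines[1:] if pos else lines):  # at pos 0 lines[0] is complete
            if line:
                yield line.decode("utf-8", "replace")

def top_ips(fobj, start, end, top_n=3, block_size=8192):
    """Top IPs within [start, end] and each IP's top requests, scanned bottom-up.
    Newer lines are skipped; the first line older than `start` ends the scan."""
    per_ip, per_ip_req = Counter(), defaultdict(Counter)
    for line in reverse_lines(fobj, block_size):
        m = LINE_RE.match(line)
        if not m:
            continue  # garbled or truncated entry
        ts = datetime.strptime(m.group(2), TS_FMT)
        if ts > end:
            continue
        if ts < start:
            break
        per_ip[m.group(1)] += 1
        per_ip_req[m.group(1)][m.group(3) + " " + m.group(4)] += 1
    return [(ip, n, per_ip_req[ip].most_common(top_n))
            for ip, n in per_ip.most_common(top_n)]

# Constructed sample log (not real traffic): an xmlrpc.php burst from one address.
SAMPLE = b"\n".join(
    b'%s - - [10/Oct/2023:13:%02d:00 +0000] "%s HTTP/1.1" 200 512 "-" "curl"'
    % (ip, minute, req) for ip, minute, req in [
        (b"198.51.100.7", 40, b"GET /index.php"), (b"203.0.113.5", 50, b"POST /xmlrpc.php"),
        (b"203.0.113.5", 52, b"POST /xmlrpc.php"), (b"198.51.100.7", 53, b"GET /about"),
        (b"203.0.113.5", 55, b"GET /wp-login.php"), (b"198.51.100.7", 59, b"GET /index.php")]) + b"\n"

def demo(start="10/Oct/2023:13:45:00 +0000", end="10/Oct/2023:13:57:00 +0000", block_size=8192):
    ts = lambda s: datetime.strptime(s, TS_FMT)  # window as log-style timestamps
    return top_ips(io.BytesIO(SAMPLE), ts(start), ts(end), block_size=block_size)
```

A small `block_size` forces the reverse reader across several partial-line boundaries, which is the case worth checking before pointing it at a multi-gigabyte log.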

Miscellaneous

  • There may be cases where you don't necessarily need the geo information per IP, in which case you can disable it for faster results.