[Repost] A few LogParser commands I've collected

[Reposted from] http://www.room702.cn/index.php/archives/244

SQL injection analysis:
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where cs-uri-query LIKE '%select%'"

Log file queried: ex080228.log; keyword searched: select. Note that IIS logs cs-uri-query exactly as the client sent it, so a URL-encoded keyword (for example %73elect) does not match this LIKE pattern; decode or add a second pattern if you suspect encoded payloads.

==================================================

Reflected XSS analysis:
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where cs-uri-query LIKE '%<script>%'"

Log file queried: ex080228.log; keyword searched: <script>. Browsers normally send < and > as %3C and %3E, so a payload logged as %3Cscript%3E is missed by the literal pattern above; search the encoded form as well.

==================================================

Search records within a specific time window:
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where time between TIMESTAMP( '09:07:00', 'hh:mm:ss' ) and TIMESTAMP( '09:08:00', 'hh:mm:ss' )"

Log file queried: ex080228.log; time window: 09:07:00 to 09:08:00. IIS W3C logs record times in UTC by default, so convert the local time of the incident before searching.

==================================================

Filter requests by client IP range:
LogParser "select date,time,c-ip,cs-uri-stem,cs-uri-query,cs(User-Agent),sc-status from ex080228.log WHERE IPV4_TO_INT(c-ip) BETWEEN IPV4_TO_INT('172.16.9.0') AND IPV4_TO_INT('172.16.9.255')" 

Log file queried: ex080228.log; IP range searched: 172.16.9.0/24 (expressed as a BETWEEN on the integer form of the address, since Log Parser has no CIDR operator)

==================================================

Directory brute-forcing (path guessing) search:
LogParser "select time,c-ip,count(time) as BAD from ex080228.log where sc-status=404 group by time,c-ip having BAD>5"

Log file queried: ex080228.log; flags client IPs that produced more than N 404 errors within the same second (N = 5). The time field has one-second granularity, so a slower scanner will fall under the threshold; raise the window by grouping on a truncated time if needed.

==================================================

Form brute-forcing (login guessing) search:
LogParser "select time,c-ip,cs-uri-stem,count(time,cs-uri-stem) as BAD from ex090609.log where sc-status=200 and cs-method='POST' group by time,c-ip,cs-uri-stem having BAD>4"

Log file queried: ex090609.log; flags more than N POSTs to the same URL from the same IP within the same second (N = 4). The sc-status=200 filter assumes a failed login re-renders the form with 200; if the application answers failures with a redirect, change the status accordingly.

==================================================

Abnormal User-Agent search:
LogParser "select time,c-ip,cs-uri-stem,cs-uri-query,sc-status,cs(User-Agent) from ex080228.log where cs(User-Agent) NOT LIKE 'Mozilla%'"

Log file queried: ex080228.log; User-Agent searched: every User-Agent that does not start with Mozilla (scanners and scripted clients often identify themselves this way, but a spoofed agent string passes this check)

==================================================

Unusual HTTP methods:
LogParser "select time,c-ip,cs-method,cs-uri-stem from ex090609.log where cs-method in ('HEAD';'OPTIONS';'PUT';'MOVE';'COPY';'TRACE';'DELETE')"

Log file queried: ex090609.log; methods searched: ('HEAD';'OPTIONS';'PUT';'MOVE';'COPY';'TRACE';'DELETE'). Log Parser separates the values of an IN list with semicolons, not commas.
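The same checks carried out in Python over an IIS W3C log, as an added example that is not part of the original post. It parses the `#Fields:` directive, URL-decodes `cs-uri-query` before matching (so a payload logged as `%3Cscript%3E` or `UNION%20SELECT` is caught where `LIKE` on the raw field is not, which `raw_like` shows side by side), and reproduces the time-window, IP-range, `GROUP BY ... HAVING` burst counts, User-Agent and method filters from the queries above. The sample log, its hosts, paths, payloads and User-Agent strings are all constructed for this example.

```python
"""Re-implementation of the LogParser checks above over an IIS W3C extended log.

Added example, not from the original post. SAMPLE_LOG is constructed: every host,
path, payload and User-Agent in it is made up for this demonstration.
"""
import ipaddress
from collections import Counter
from urllib.parse import unquote_plus

DIR_GUESSES = ["admin", "backup", "upload", "test", "old", "db", "inc"]

# Constructed IIS 6 W3C log in the same layout as the ex080228.log used in the post.
SAMPLE_LOG = "\n".join(
    [
        "#Software: Microsoft Internet Information Services 6.0",
        "#Version: 1.0",
        "#Date: 2008-02-28 09:00:00",
        "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)",
        "2008-02-28 09:07:12 172.16.9.10 GET /news.asp id=1+union+select+1,2,3 200 Mozilla/4.0+(compatible;+MSIE+6.0)",
        "2008-02-28 09:07:13 172.16.9.10 GET /news.asp id=1%20UNION%20SELECT%20name%20FROM%20users 500 Mozilla/4.0+(compatible;+MSIE+6.0)",
        "2008-02-28 09:07:20 10.0.0.5 GET /search.asp q=%3Cscript%3Ealert(1)%3C/script%3E 200 Mozilla/5.0+(Windows)",
        "2008-02-28 09:07:45 10.0.0.9 GET /index.asp - 200 python-urllib/2.5",
        "2008-02-28 09:09:02 10.0.0.9 OPTIONS / - 200 python-urllib/2.5",
    ]
    # seven 404s from one IP in the same second: directory guessing
    + [f"2008-02-28 09:08:01 10.0.0.7 GET /{d}/ - 404 DirBuster-0.12" for d in DIR_GUESSES]
    # five POSTs to the same form from one IP in the same second: password guessing
    + ["2008-02-28 09:08:30 10.0.0.8 POST /login.asp - 200 Mozilla/5.0+(Windows)"] * 5
) + "\n"


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields: directive.

    IIS writes '-' for an empty field and replaces spaces inside a field with '+',
    so splitting on single spaces is safe.
    """
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("request line seen before a #Fields: directive")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip a truncated or malformed line rather than mis-key it
        yield dict(zip(fields, values))


def raw_like(records, field, needle):
    """What the post's LIKE '%needle%' sees: the field as logged, still URL-encoded."""
    return [r for r in records if needle.lower() in r[field].lower()]


def matches(records, field, needle):
    """Same search after undoing URL-encoding and '+'-for-space, so encoded payloads are caught."""
    return [r for r in records if needle.lower() in unquote_plus(r[field]).lower()]


def in_window(records, start, end):
    """Rows with start <= time <= end; hh:mm:ss strings compare correctly as text."""
    return [r for r in records if start <= r["time"] <= end]


def in_subnet(records, cidr):
    """Equivalent of IPV4_TO_INT(c-ip) BETWEEN ... AND ..., expressed as a CIDR."""
    net = ipaddress.ip_network(cidr)
    return [r for r in records if ipaddress.ip_address(r["c-ip"]) in net]


def bursts(records, keys, predicate, threshold):
    """GROUP BY keys ... HAVING COUNT(*) > threshold, over rows that pass predicate."""
    counts = Counter(tuple(r[k] for k in keys) for r in records if predicate(r))
    return {k: n for k, n in counts.items() if n > threshold}


def dir_guessing(records, threshold=5):
    """More than threshold 404s from one IP within one second."""
    return bursts(records, ("time", "c-ip"), lambda r: r["sc-status"] == "404", threshold)


def form_cracking(records, threshold=4):
    """More than threshold 200-status POSTs to one URL from one IP within one second."""
    return bursts(records, ("time", "c-ip", "cs-uri-stem"),
                  lambda r: r["sc-status"] == "200" and r["cs-method"] == "POST", threshold)


UNUSUAL_METHODS = {"HEAD", "OPTIONS", "PUT", "MOVE", "COPY", "TRACE", "DELETE"}


def odd_clients(records):
    """User-Agents not starting with 'Mozilla', or requests using one of the listed methods."""
    return [r for r in records
            if not r["cs(User-Agent)"].startswith("Mozilla") or r["cs-method"] in UNUSUAL_METHODS]


if __name__ == "__main__":
    recs = list(parse_w3c(SAMPLE_LOG))
    print("raw LIKE '<script>':", len(raw_like(recs, "cs-uri-query", "<script>")), "hit(s)")
    print("decoded '<script>':", len(matches(recs, "cs-uri-query", "<script>")), "hit(s)")
    print("decoded 'select':", [r["cs-uri-query"] for r in matches(recs, "cs-uri-query", "select")])
    print("09:07:00-09:08:00:", len(in_window(recs, "09:07:00", "09:08:00")), "request(s)")
    print("172.16.9.0/24:", len(in_subnet(recs, "172.16.9.0/24")), "request(s)")
    print("directory guessing:", dir_guessing(recs))
    print("form cracking:", form_cracking(recs))
    print("odd clients:", sorted({(r["c-ip"], r["cs(User-Agent)"]) for r in odd_clients(recs)}))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the `#Fields:` line in each IIS log file drives the column names, so the functions work unchanged when the server logs a different set of fields, as long as the fields they reference are present. The `raw_like` versus `matches` comparison is the point to take from the XSS and injection queries above: the encoded `%3Cscript%3E` request is invisible to the raw `LIKE` search and visible after decoding.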
