Handy Apache log file analyser - Scalp
I needed to examine a series of Apache log files for suspicious activity from a group of IP addresses and came across Scalp, a Python script that runs the PHPIDS attack signatures (default_filter.xml) over an Apache access log. Fetch the script and the rule set:
wget http://apache-scalp.googlecode.com/files/scalp-0.4.py
wget --no-check-certificate https://dev.itratos.de/projects/php-ids/repository/raw/trunk/lib/IDS/default_filter.xml
Set the permissions:
chmod 755 scalp-0.4.py
Run the command:
./scalp-0.4.py -l /var/log/access_log -f ./default_filter.xml -o ./scalp-output --text
On my first run I had to comment out rules 45 and 73 in default_filter.xml because their regular expressions failed to compile (the PHPIDS patterns are written for PCRE and not all of them are accepted by Python's re module). Once it runs you can filter the output, for example to drop hits on com_search (the Joomla search component):
grep -v "com_search" scalp-output/access_log.2_scalp_Mon-10-Jun-2013.txt | less
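As an added example (not scalp's own code and not part of the original post), the following standalone Python script reproduces the core of what the procedure above does: it loads rules in the PHPIDS default_filter.xml layout, skips any rule whose pattern Python's re module cannot compile instead of aborting (the situation behind commenting out rules 45 and 73), URL-decodes each request in Apache combined-format log lines and reports which rules match, and applies the same kind of exclusion as the grep -v "com_search" step. The four-rule filter set and the log lines are constructed for the example; the re.I | re.M | re.S flags are an assumption mirroring the /ims matching PHPIDS itself uses.

```python
#!/usr/bin/env python3
"""Scan Apache access-log lines with PHPIDS-style rules (added example, not
scalp's own code). The rules and log lines below are constructed for the demo."""
import re
import sys
import xml.etree.ElementTree as ET
from collections import namedtuple
from urllib.parse import unquote_plus

# Constructed rule set in the PHPIDS default_filter.xml layout. Rule 3 uses
# PCRE's \Q...\E quoting, which Python's re module rejects: it stands in for
# the rules that had to be commented out before scalp would run.
FILTER_XML = r"""<filters>
  <filter><id>1</id>
    <rule><![CDATA[(?:<script[^>]*>)|(?:javascript:)]]></rule>
    <description>script tag or javascript: URI</description>
    <tags><tag>xss</tag></tags><impact>4</impact></filter>
  <filter><id>2</id>
    <rule><![CDATA[(?:'\s*or\s+\d+\s*=\s*\d+)|(?:union\s+(?:all\s+)?select)]]></rule>
    <description>classic SQL injection probes</description>
    <tags><tag>sqli</tag></tags><impact>5</impact></filter>
  <filter><id>3</id>
    <rule><![CDATA[\Q../\E]]></rule>
    <description>PCRE-only syntax; will not compile under Python re</description>
    <tags><tag>dt</tag></tags><impact>3</impact></filter>
  <filter><id>4</id>
    <rule><![CDATA[(?:searchword=[^&]*['"%])]]></rule>
    <description>quote or percent in a site-search term (noisy)</description>
    <tags><tag>sqli</tag></tags><impact>2</impact></filter>
</filters>"""

# Constructed Apache combined-format lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jun/2013:09:12:01 +0100] "GET /index.php?option=com_content&id=5%27%20OR%201%3D1-- HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jun/2013:09:12:05 +0100] "GET /index.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Jun/2013:09:13:40 +0100] "GET /index.php?option=com_search&searchword=o%27reilly HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Jun/2013:09:14:02 +0100] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

# Client IP, timestamp, method, request target, protocol, status, size.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

Rule = namedtuple("Rule", "id description tags impact regex")
Hit = namedtuple("Hit", "ip time path rule_ids")


def load_rules(xml_text):
    """Compile PHPIDS filters; return (rules, [(id, error) for skipped rules])."""
    rules, skipped = [], []
    for f in ET.fromstring(xml_text).findall("filter"):
        rid = int(f.findtext("id"))
        try:
            # Assumption: PHPIDS matches with /ims; re.I | re.M | re.S is the equivalent.
            rx = re.compile(f.findtext("rule"), re.I | re.M | re.S)
        except re.error as exc:
            skipped.append((rid, str(exc)))  # record the bad rule and keep going
            continue
        rules.append(Rule(rid, f.findtext("description"),
                          [t.text for t in f.iter("tag")],
                          int(f.findtext("impact")), rx))
    return rules, skipped


def scan_line(line, rules):
    """Return a Hit for one log line, or None if unparsable or nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode %xx and '+' so percent-encoded payloads are visible to the rules.
    target = unquote_plus(m.group("path"))
    ids = [r.id for r in rules if r.regex.search(target)]
    return Hit(m.group("ip"), m.group("time"), target, ids) if ids else None


def scan_log(lines, rules, exclude=()):
    """Scan lines, dropping hits whose request contains any `exclude`
    substring (the equivalent of the grep -v "com_search" step)."""
    hits = []
    for line in lines:
        hit = scan_line(line, rules)
        if hit and not any(x in hit.path for x in exclude):
            hits.append(hit)
    return hits


if __name__ == "__main__":
    rules, skipped = load_rules(FILTER_XML)
    for rid, why in skipped:
        print(f"rule {rid} skipped: {why}", file=sys.stderr)
    for h in scan_log(SAMPLE_LOG, rules, exclude=("com_search",)):
        print(f"{h.ip} [{h.time}] rules={h.rule_ids} {h.path}")
```

Run as-is and rule 3 is reported on stderr as skipped, the SQL injection and script-tag requests from 203.0.113.7 are printed, and the com_search hit (a legitimate search for o'reilly that trips the noisy quote rule) is suppressed by the exclusion. To point it at a real log, read the file into the `lines` argument and load the real default_filter.xml; the skipped list then tells you exactly which rule ids need attention rather than making you find them by trial and error.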