Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Web Server Log Project - SANS Internet Storm Center Web Server Log Project


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Web Application Logs

We are collecting web application logs via our honeypots, as well as from web server error logs ("404 Errors"). To participate in this effort, you can install our honeypot (which will also submit firewall and ssh data) or you can install one of our 404 error log parser scripts.

In order to submit logs, you will have to be a registered user. We currently do not accept anonymous logs. However, you may obfuscate your logs as you submit them.

This table summarized the report volume received over the last 10 days.

  • Date: We use GMT as timezone for all of our date and time values.
  • Reports: Individual reports. Each request to a honeypot is counted as a report. Some honeypots will supress related reports. For example, if a page includes images, only the request to the actual page is counted and the subsequent requests to images may be ignored.
  • Submitters: Identified users submitting reports.
  • Targets: Target hosts submitting data. This number may be larger then the number of submitters as some submitters operate mulitple honeypots.
  • Sources: Distinct source IPs detected on a particular day.
DateSubmittersURLsUser AgentsSourcesReports
DateSubmittersURLsUser AgentsSourcesReports