cancel
Showing results for 
Search instead for 
Did you mean: 

URL in web server access log

I did try collect web server access log, e.g. Apache & IIS access log, and see fields in custom type do not contain URL but only file name filled in Object field. So I did custom Apache Advacned Syslog Parser myself for this purpose.

My question is should default parser extract URL into URL field? Do I miss something?

One more question is how can I filter events on ESM with URL? There is no URL field to choose from list of filter.

Attached is my custom ASP for Apache access log.

Regards,

Parinya

Message was edited by: parinya.ekparinya on 1/10/13 5:55:21 AM CST
2 Replies

Re: URL in web server access log

Sound likes a better way to collect web server log and get most information from web browsing traffic is using ADM.

Is that the recommended way to collect web browsing information for McAfee SIEM solution?

On the other hand if access log is the only thing we have, how can we get most information out of them?

For example, extract URL and User Agent will be useful information.

Another thing I just wonder is why don't we use the same custom type for URL for both event and flow?

Regards,

Parinya

Highlighted

Re: URL in web server access log

This one is URL for Event Field.

URL.png

Another one is HTTP_Req_URL for Flow Field.

HTTP_Req_URL.png

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community