Using R to process Apache Log Files

mihalis's picture

R can help you check for security threats.

As my site is a Drupal site, I want to monitor the GET /?q=node/add HTTP/1.1, GET /?q=user/register HTTP/1.1, GET /?q=node/add HTTP/1.0 and GET /?q=user/register HTTP/1.0 requests that indicate hack attempts.

After inserting the log file into R using read.table(), I used the following command to select the entries that match my criteria.

HACK = subset(LOGS, V6 %in% c("GET /?q=node/add HTTP/1.1",
"GET /?q=user/register HTTP/1.1",
"GET /?q=node/add HTTP/1.0",
"GET /?q=user/register HTTP/1.0" ))

Last, I created a Bar Plot to visualize my data.

Image: