Appar - Apache access log parser

Perl script that parses an Apache access log (CLF) and migrates it to MySQL.

Features

appar.pl - Apache access log parser
Version 0.1 by Matteo Cantoni
Homepage: http://www.nothink.org

 Usage: appar.pl [options] --log 

	--log              the Apache access.log file
	--limit            to limit the top results
	--without          without CSS / images / javascript / all
	--without_word     the word to be excluded from parsing (case insensitive)
	--db_write         enable database MySQL support
	--version          show version number and exit
	--help             show this help message and exit

 Examples:

	./appar.pl --limit 30 --log access.log
	./appar.pl --db_write --log access.log
	./appar.pl --without css --log access.log
	./appar.pl --without javascript --log access.log
	./appar.pl --without images --limit 30 --log access.log
	./appar.pl --without all --without_word manager --log access.log

Demo

appar.pl - Apache access log parser
Version 0.1 by Matteo Cantoni
Homepage: http://www.nothink.org

[+] Processed 194 requests in 0.04 seconds

[+] Limit results      : 10
[+] Keywords           : alert, bin, cmd, etc, passwd, phpmyadmin, select, sql, xss

[*] Total requests     : 194
[*] Malformed requests : 0
[*] Bandwidth          : 628k

[*] Client IP address
-----------------------------------------------------------------------------------------------

34         188.*.114.198  IT, Italy
33         79.*.157.210     IT, Italy
20         83.*.231.250   GB, United Kingdom
16         65.*.241.79     US, United States
8          91.*.92.5      UA, Ukraine
7          119.*.193.131   JP, Japan
6          119.*.193.132   JP, Japan
6          119.*.193.195   JP, Japan
5          66.*.74.233    US, United States
5          119.*.193.196   JP, Japan

[*] RFC 1413 identity (http://tools.ietf.org/html/rfc1413)
-----------------------------------------------------------------------------------------------

194        -

[*] User ID
-----------------------------------------------------------------------------------------------

191        -
2          ******

[*] Date
-----------------------------------------------------------------------------------------------

64         31/Dec/2012
57         02/Jan/2013
37         01/Jan/2013
36         30/Dec/2012

[*] Datetime
-----------------------------------------------------------------------------------------------

23         02/Jan/2013:02:21:56 +0100
16         31/Dec/2012:18:37:33 +0100
12         31/Dec/2012:18:37:34 +0100
10         30/Dec/2012:19:25:53 +0100
5          30/Dec/2012:19:25:52 +0100
4          02/Jan/2013:02:21:54 +0100
4          02/Jan/2013:02:21:55 +0100
3          31/Dec/2012:18:37:32 +0100
2          31/Dec/2012:21:38:08 +0100
2          01/Jan/2013:15:37:33 +0100

[*] Hours
-----------------------------------------------------------------------------------------------

35         18
34         02
34         19
15         15
12         17
9          13
7          03
6          09
5          11
5          05

[*] URI Path Requests
-----------------------------------------------------------------------------------------------

74         /
14         /robots.txt
8          /scripts/setup.php/scripts/setup.php
5          /about.php
3          /js/bootstrap-popover.js
3          /js/bootstrap-scrollspy.js
3          /js/bootstrap-transition.js
3          /css/bootstrap.css
3          /js/bootstrap-typeahead.js

[*] URI Requests
-----------------------------------------------------------------------------------------------

56         GET / HTTP/1.1
16         HEAD / HTTP/1.1
14         GET /robots.txt HTTP/1.1
5          GET /about.php HTTP/1.1
3          GET /js/jquery-1.7.2.min.js HTTP/1.1
3          GET /js/bootstrap-tab.js HTTP/1.1
3          GET /css/bootstrap.css HTTP/1.1
3          GET /js/bootstrap-collapse.js HTTP/1.1
3          GET /js/bootstrap-modal.js HTTP/1.1

[*] Methods (http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol)
-----------------------------------------------------------------------------------------------

176        GET
18         HEAD

[*] Status code (http://en.wikipedia.org/wiki/List_of_HTTP_status_codes)
-----------------------------------------------------------------------------------------------

181        200
11         404
2          401

[*] Size of the object returned (total bytes 628k)
-----------------------------------------------------------------------------------------------

43         5717
18         176
6          2317
6          359
6          1158
4          2342
3          447
3          2394
3          321
2          1284

[*] Referer (http://en.wikipedia.org/wiki/HTTP_referer)
-----------------------------------------------------------------------------------------------

112        -
63         http://www.********.org/admin/
18         http://www.********.org/
1          http://www.********.org/2010/03/03/

[*] Referer Host (http://en.wikipedia.org/wiki/HTTP_referer)
-----------------------------------------------------------------------------------------------

81         www.********.org
1          www.********.eu

[*] User-Agent (http://en.wikipedia.org/wiki/User_agent)
-----------------------------------------------------------------------------------------------

67         Mozilla/5.0 (Linux; U; Android 2.3.5; it-it; GT-I9001 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
43         Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
20         Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.45 Safari/537.17
16         InternetSeer.com
8          Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
8          Plesk
5          Mozilla/5.0 (compatible; AhrefsBot/4.0; +http://ahrefs.com/robot/)
4          Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
4          Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
3          SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)

[*] Keywords (just a very SIMPLE parsing, non-exhaustive!)
-----------------------------------------------------------------------------------------------

3          alert
2          sql
2          phpmyadmin
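
The keyword tally and malformed-request count from the demo, as an added Python example (not appar.pl's own code, which is Perl): it parses Common/Combined Log Format lines and matches the demo's keyword list against the URL-decoded request. The regular expressions, the `scan` function and the sample lines are assumptions made for this illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Common/Combined Log Format: host ident user [time] "request" status size ["referer" "agent"]
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?\s*$')

# Keyword list as printed in the demo banner above.
KEYWORDS = ["alert", "bin", "cmd", "etc", "passwd", "phpmyadmin", "select", "sql", "xss"]
# Whole-token match so that e.g. "etc" does not fire inside "fetch".
KEYWORD_RE = re.compile(r"(?<![a-z0-9])(?:%s)(?![a-z0-9])" % "|".join(KEYWORDS))

def scan(lines, decode=True):
    """Return (total, malformed, keyword_hits, flagged_requests_per_client)."""
    total = malformed = 0
    hits, clients = Counter(), Counter()
    for line in lines:
        if not line.strip():
            continue
        total += 1
        m = LINE_RE.match(line)
        if m is None:
            malformed += 1           # counted, never silently dropped
            continue
        request = m["request"]
        if decode:                   # undo %XX and '+' so encoded requests still match
            request = unquote_plus(request)
        found = set(KEYWORD_RE.findall(request.lower()))
        hits.update(found)           # one count per keyword per request
        if found:
            clients[m["host"]] += 1
    return total, malformed, hits, clients

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE = [
    '192.0.2.10 - - [02/Jan/2013:02:21:56 +0100] "GET / HTTP/1.1" 200 5717 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [02/Jan/2013:02:21:57 +0100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 359',
    '198.51.100.7 - - [02/Jan/2013:02:21:58 +0100] "GET /item.php?id=1%20UNION%20SELECT%201 HTTP/1.1" 200 1158',
    '203.0.113.5 - - [02/Jan/2013:02:22:01 +0100] "GET /view.php?f=..%2Fetc%2Fpasswd HTTP/1.1" 404 321',
    'this line is not in log format',
    # Benign static file that still matches "alert": hits are triage hints, not verdicts.
    '192.0.2.10 - - [02/Jan/2013:02:22:03 +0100] "GET /js/bootstrap-alert.js HTTP/1.1" 200 2342',
]

if __name__ == "__main__":
    total, malformed, hits, clients = scan(SAMPLE)
    print(total, malformed, hits.most_common(), clients.most_common())
```

Calling `scan(SAMPLE, decode=False)` on the same lines misses the percent-encoded requests, which is why the request is decoded before matching.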

Download

Version             Link
0.1 (2012/10/01)    appar.pl

Contact

Please send your feedback to Matteo Cantoni (matteo.cantoni@nothink.org).