In this Immersive Labs lab, I learned how to analyze web logs, particularly Apache and NGINX access logs. Access log records show which pages are being viewed, how popular they are, and whether requests succeed or fail. This information is valuable for several reasons: it can be used for debugging, troubleshooting issues, understanding which resources are in high demand, and supporting incident analysis.
Scenario:
In this lab, use what you’ve learned about access logs and the various information you can extract from them. Analyze the access logs under the Log_Files directory and answer the questions. You don’t need to use any commands other than the ones provided to complete the lab.
1 – Instruction: In the terminal, read the access logs using the command cat log-files/access_log.
2 – A GET request was made to retrieve a resource ending in .gz. What is the full name of this file? Only enter the file name; the path isn’t required.

Solution: The file name is access.log.47.gz. I found it by searching for it with the grep command: grep 'GET .*\.gz' access_log.
3 – What is the IP address of the client that made the request for the resource ending with .gz?

Solution: 25.144.243.89.
4 – Looking at the user agent string for the .gz request, you can see it came from a crawler bot. What’s the name of the bot?

Solution: PetalBot
5 – What is the IP address of the client that was referred via “http://bartertown.com/”?

Solution: 80.91.27.137. The command I used to find the IP is grep 'http://bartertown' access_log | awk '{print $1}'.
6 – Which operating system was used by the client with the IP address 198.11.177.173, based on the user agent string?

Solution: Linux
7 – One instance of Googlebot shows up in the access logs. What is the size of the response sent to the client?

Solution: 21048 bytes
8 – Which vulnerability scanner can be seen in the access logs?

Solution: None
9 – Find the POST request with the referrer http://www.bartertown.com/. What is the unique token in the URI?

Solution: 381a35
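As an added example (not part of the lab or its answer key), the script below builds five constructed combined-format access log lines and wraps the kind of grep/awk/sed queries used above in small functions, one per lab question. The IP addresses (RFC 5737 TEST-NET ranges), the .example referrers and the request paths are made-up sample values.

```shell
#!/bin/sh
# Added example, not part of the lab: constructed combined-format access log
# lines (TEST-NET addresses, .example referrers) plus shell functions that answer
# the lab-style questions with the same grep/awk/sed approach as the write-up.
SAMPLE_LOG=$(cat <<'EOF'
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:118.0) Gecko/20100101 Firefox/118.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /backup/access.log.47.gz HTTP/1.1" 200 84211 "-" "Mozilla/5.0 (compatible;PetalBot;+https://webmaster.petalsearch.com/site/petalbot)"
192.0.2.44 - - [10/Oct/2023:13:57:12 +0000] "GET /shop/ HTTP/1.1" 200 9981 "http://bartertown.example/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/117.0"
66.249.66.1 - - [10/Oct/2023:13:58:40 +0000] "GET /robots.txt HTTP/1.1" 200 21048 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.44 - - [10/Oct/2023:13:59:05 +0000] "POST /checkout?token=381a35 HTTP/1.1" 302 0 "http://www.bartertown.example/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/117.0"
EOF
)
# Combined-format fields as awk splits them: $1 client IP, $6 method (with its
# leading quote), $7 request path, $9 status, $10 response size. The quoted
# referrer and user agent come after and may contain spaces, so they are
# matched with grep/sed rather than by field number.
access_log() { printf '%s\n' "$SAMPLE_LOG"; }
# Question 2: basename of the .gz resource fetched with GET.
gz_request_file() {
  access_log | grep '"GET [^"]*\.gz ' | awk '{n = split($7, p, "/"); print p[n]}'
}
# Question 3: client IP of that request.
gz_request_ip() { access_log | grep '"GET [^"]*\.gz ' | awk '{print $1}'; }
# Question 4: crawler name, the token following "compatible;" in the user agent.
gz_request_bot() {
  access_log | grep '"GET [^"]*\.gz ' | sed -n 's/.*compatible; *\([A-Za-z]*\).*/\1/p'
}
# Question 5: client IP(s) whose referrer field equals the given URL exactly.
ip_by_referrer() { access_log | grep -F "\"$1\"" | awk '{print $1}' | sort -u; }
# Question 6: operating-system token from the user agent of a given client IP.
os_for_ip() {
  access_log | awk -v ip="$1" '$1 == ip' \
    | grep -oE 'Windows NT [0-9.]+|Linux|Mac OS X|Android' | head -n 1
}
# Question 7: bytes sent to Googlebot (field 10).
googlebot_response_size() { access_log | grep 'Googlebot' | awk '{print $10}'; }
# Question 8: well-known scanner names in the user-agent field, or "None".
scanner_in_log() {
  found=$(access_log | grep -oiE 'nikto|sqlmap|nessus|wpscan' | sort -u | head -n 1)
  if [ -n "$found" ]; then printf '%s\n' "$found"; else printf 'None\n'; fi
}
# Question 9: token query parameter of the POST request carrying a given referrer.
post_token_by_referrer() {
  access_log | grep '"POST ' | grep -F "\"$1\"" | sed -n 's/.*token=\([0-9a-f]*\).*/\1/p'
}
printf 'gz file: %s from %s (%s)\n' "$(gz_request_file)" "$(gz_request_ip)" "$(gz_request_bot)"
printf 'referred IP: %s, OS of 203.0.113.10: %s\n' "$(ip_by_referrer http://bartertown.example/)" "$(os_for_ip 203.0.113.10)"
printf 'Googlebot bytes: %s, scanner: %s, token: %s\n' "$(googlebot_response_size)" "$(scanner_in_log)" "$(post_token_by_referrer http://www.bartertown.example/)"
```

Point access_log at a real file (for example, replace the printf with cat log-files/access_log) to run the same queries against the lab data.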