web-log Access log messages grouped. 31100 ^2|^3 is_simple_http_request Ignored URLs (simple queries). 31100 ^4 Web server 400 error code. 31101 \.jpg$|\.gif$|favicon\.ico$|\.png$|robots\.txt$|\.css$|\.js$|\.jpeg$ is_simple_http_request Ignored extensions on 400 error codes. 31100,31108 =select%20|select\+|insert%20|%20from%20|%20where%20|union%20| union\+|where\+|null,null|xp_cmdshell SQL injection attempt. attack,sql_injection, 31100 %027|%00|%01|%7f|%2E%2E|%0A|%0D|\.\./\.\.|\.\.\\\.\.|echo;| cmd\.exe|root\.exe|_mem_bin|msadc|/winnt/|/boot\.ini| /x90/|default\.ida|/sumthin|nsiislog\.dll|chmod%|wget%|cd%20| exec%20|\.\./\.\.//|%5C\.\./%5C|\./\./\./\./|2e%2e%5c%2e|\\x5C\\x5C Common web attack. attack, 31100 %3Cscript|%3C%2Fscript|script>|script%3E|SRC=javascript|IMG%20| %20ONLOAD=|INPUT%20|iframe%20 XSS (Cross Site Scripting) attempt. attack, 31103, 31104, 31105 ^200 A web attack returned code 200 (success). attack, 31100 \?-d|\?-s|\?-a|\?-b|\?-w PHP CGI-bin vulnerability attempt. attack, 31100 \+as\+varchar %2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\)%2Bchar\(\d+\) MSSQL Injection attempt (/ur.php, urchin.js) attack, 31103, 31104, 31105 ^/search\.php\?search=|^/index\.php\?searchword= Ignored URLs for the web attacks 31100 URL too long. Higher than allowed on most browsers. Possible attack. invalid_access, 31100 ^50 Web server 500 error code (server error). 31120 ^501 Web server 501 error code (Not Implemented). 31120 ^500 alert_by_email Web server 500 error code (Internal Error). system_error, 31120 ^503 alert_by_email Web server 503 error code (Service unavailable). 31101 is_valid_crawler Ignoring google/msn/yahoo bots. 31101 ^499 Ignored 499's on nginx. 31101 Multiple web server 400 error codes from same source ip. web_scan,recon, 31103 Multiple SQL injection attempts from same source ip. attack,sql_injection, 31104 Multiple common web attacks from same source ip. attack, 31105 Multiple XSS (Cross Site Scripting) attempts from same source ip. attack, 31121 Multiple web server 501 error code (Not Implemented). web_scan,recon, 31122 Multiple web server 500 error code (Internal Error). system_error, 31123 Multiple web server 503 error code (Service unavailable). web_scan,recon, 31100 =%27|select%2B|insert%2B|%2Bfrom%2B|%2Bwhere%2B|%2Bunion%2B SQL injection attempt. attack,sqlinjection, 31100 %EF%BC%87|%EF%BC%87|%EF%BC%87|%2531|%u0053%u0045 SQL injection attempt. attack,sqlinjection,