Apache logs: checking for a slowloris attack [closed]

4

I'm doing a simulation of a slowloris attack on a Debian server running Apache.

The attacking machines are Debian as well.

In order to make sure that the slowloris attack was effective, I would like to access the Apache logs and verify that the denial of service occurred, that it at some point stopped accepting connections, the state of the buffers and so on. The times of the attacks are known.

Does Apache provide such information? Where to check in Debian? Any suggestions on what else to check?

Is it possible to "clean logs" (after backing up) to restart the experiments? How to do it?

    
asked by anonymous 16.03.2017 / 15:34

1 answer

4

There are two relevant logs you might want to check:

  • error.log, all errors that may have occurred in the service, usually in /var/log/apache2/error.log
  • access.log, access logs (time, source IP, HTTP method, URL accessed), usually in /var/log/apache2/access.log

To restart the logs (delete the contents), if you want to back up before:

cd /var/log/apache2
sudo cp access.log access.backup1.log
sudo cp error.log error.backup1.log

And to delete the content:

cd /var/log/apache2
sudo cp /dev/null access.log
sudo cp /dev/null error.log

Tip: What I usually do with /var/log/apache2/access.log is to follow it in real time in a terminal:

tailf -10 caminho/para/error.log

This means:
tailf : follow the latest file content as it is appended
-10 : last 10 lines

    
16.03.2017 / 15:41
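
As an added example (not part of the original answer), the script below checks both logs for the two symptoms a held-open-connection test usually leaves: worker-limit messages in error.log and timed-out requests in access.log. It assumes the common/combined access log format, that requests which never complete are logged with status 408, and the "server reached MaxRequestWorkers setting" message text (MaxClients on Apache 2.2); the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: look for slowloris symptoms in Apache logs.
# All log lines below are constructed samples, not real captures.

# Count error.log entries where Apache ran out of worker slots.
workers_exhausted() {
    grep -cE 'server reached (MaxRequestWorkers|MaxClients) setting' "$1" || true
}

# Count 408 (Request Timeout) responses per client IP in access.log.
# Splitting on the double quote keeps the parse correct for timed-out
# requests, which are logged as "-" and shift whitespace-based fields.
# Optional $2: timestamp prefix that restricts the count to the test window.
timeouts_by_ip() {
    awk -F'"' -v win="${2:-}" '
        win != "" && index($1, win) == 0 { next }
        { split($1, pre, " "); split($3, post, " ") }
        post[1] == "408" { n[pre[1]]++ }
        END { for (ip in n) print n[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Write constructed sample logs into directory $1.
make_samples() {
    cat > "$1/error.log" <<'EOF'
[Thu Mar 16 15:30:00.000001 2017] [mpm_prefork:notice] [pid 1201] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations
[Thu Mar 16 15:36:40.123456 2017] [mpm_prefork:error] [pid 1201] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
EOF
    cat > "$1/access.log" <<'EOF'
203.0.113.7 - - [16/Mar/2017:15:36:55 +0000] "-" 408 0 "-" "-"
203.0.113.7 - - [16/Mar/2017:15:36:56 +0000] "-" 408 0 "-" "-"
203.0.113.7 - - [16/Mar/2017:15:37:01 +0000] "-" 408 0 "-" "-"
198.51.100.4 - - [16/Mar/2017:15:37:02 +0000] "GET / HTTP/1.1" 200 10701 "-" "curl/7.52.1"
198.51.100.4 - - [16/Mar/2017:16:02:10 +0000] "-" 408 0 "-" "-"
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "worker-limit messages: $(workers_exhausted "$tmp/error.log")"
echo "408 responses per client between 15:30 and 15:39:"
timeouts_by_ip "$tmp/access.log" '16/Mar/2017:15:3'
rm -rf "$tmp"
```

On the test server, call the two functions with /var/log/apache2/error.log and /var/log/apache2/access.log and a timestamp prefix matching the known attack time.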