From OSSEC Wiki
Log Samples for Lotus Domino HTTP
Lotus Domino writes its HTTP logs in the NCSA format (the same format Apache uses), which is also supported by IIS.
- 400 Error codes:
133.149.133.102 www.acmeco.com - [05/Nov/2006:00:28:27 -0500] "GET /webdb.nsf/4b0a23f8cfa6991205256e6d005d420d/tetheraccess.htm HTTP/1.1" 404 38692
133.149.133.102 www.acmeco.com - [05/Nov/2006:00:33:29 -0500] "GET /webdb.nsf/4b0a23f8cfa6991205256e6d005d420d/ghafeed.htm HTTP/1.1" 404 38690
133.149.133.102 www.acmeco.com - [05/Nov/2006:00:42:51 -0500] "GET /webdb.nsf/4b0a23f8cfa6991205256e6d005d420d/zetatesting.htm HTTP/1.1" 404 38695
123.17.114.67 intranet.acmeco.com - [05/Nov/2006:00:46:56 -0500] "GET / HTTP/1.1" 302 -
231.87.105.8 www.acmeco.com - [05/Nov/2006:00:49:26 -0500] "GET /webdb.nsf/color_Zneacme.gif?OpenImageResource HTTP/1.1" 304 0
193.6.193.161 www.acmeco.com - [05/Nov/2006:00:52:26 -0500] "GET /robots.txt HTTP/1.0" 404 159
- Full sample:
193.6.69.100 www.acmeco.com - [05/Nov/2006:00:00:13 -0500] "GET /webdb.nsf/MafzieandDmprneonjogr.pdf HTTP/1.0" 200 65111
123.17.114.142 msg.acmeco.com - [05/Nov/2006:00:00:45 -0500] "GET /mail/defjam.nsf/iNotes/Proxy/?OpenDocument&Form=s_PollXML&PresetFields=s_UsingHttps;1&NKA HTTP/1.1" 200 4601
231.87.105.8 www.acmeco.com - [05/Nov/2006:00:01:25 -0500] "GET /webdb.nsf/we_slagan.gif?OpenImageResource HTTP/1.1" 304 0
81.19.133.8 www.acmeco.com - [05/Nov/2006:00:01:33 -0500] "GET /robots.txt HTTP/1.0" 404 159
231.55.135.158 www.acmeco.com - [05/Nov/2006:00:01:40 -0500] "GET /webdb.nsf/web/stonecutport.htm HTTP/1.0" 200 41509
231.55.135.158 www.acmeco.com - [05/Nov/2006:00:01:42 -0500] "GET /webdb.nsf/licupBrickInformation HTTP/1.0" 200 44434
231.55.135.158 www.acmeco.com - [05/Nov/2006:00:01:44 -0500] "GET /webdb.nsf/web/sudden_grfdr.htm HTTP/1.0" 200 40433
133.149.133.102 www.acmeco.com - [05/Nov/2006:00:01:48 -0500] "GET /webdb.nsf/web/olds-31.htm HTTP/1.1" 200 40304
231.87.105.8 www.acmeco.com - [05/Nov/2006:00:01:57 -0500] "GET /webdb.nsf/hd_leftSlant.gif?OpenImageResource HTTP/1.1" 304 0
192.168.13.42 msg.acmeco.com - [05/Nov/2006:00:02:09 -0500] "GET /mail/banner.nsf/iNotes/Proxy/?OpenDocument&Form=s_ReadViewEntries&PresetFields=FolderName;($Alarms),s_UsingHttps;1&TZType=UTC&KeyType=time&StartKey=19700101T000000Z&UntilKey=20061106T050000Z&Count=100&NKA HTTP/1.0" 200 4736
123.17.114.142 msg.acmeco.com - [05/Nov/2006:00:02:19 -0500] "GET /mail/defjam.nsf/iNotes/Proxy/?OpenDocument&Form=s_ReadViewEntries&PresetFields=FolderName;($Alarms),s_UsingHttps;1&TZType=UTC&KeyType=time&StartKey=19700101T000000Z&UntilKey=20061106T050000Z&Count=100&NKA HTTP/1.1" 200 4736
231.87.105.8 www.acmeco.com - [05/Nov/2006:00:02:21 -0500] "GET /webdb.nsf/symb_Contact_OFF.gif?OpenImageResource HTTP/1.1" 304 0
231.55.135.158 www.acmeco.com - [05/Nov/2006:00:02:22 -0500] "GET /webdb.nsf/b22359a69e6184e185256d07000a3de0/614e3cc9f5dc475205256e4e0053f0ff/ContentBody/0.8A!OpenElement&FieldElemFormat=jpg HTTP/1.0" 200 9052
231.55.135.158 www.acmeco.com - [05/Nov/2006:00:02:23 -0500] "GET /webdb.nsf/web/suppositn.htm HTTP/1.0" 200 41410
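As an added example (not part of the original wiki page or of OSSEC), the following Python sketch parses the sample lines above and counts 4xx responses per client address. The field names, the reading of the second field as the requested host name, and the function names parse_line and client_errors are assumptions inferred from the samples.

```python
import re
from collections import Counter

# Field layout inferred from the samples on this page (assumption):
# client, requested host name, user, [timestamp], "request", status, bytes.
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<vhost>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>.*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# The six lines from the "400 Error codes" sample on this page.
SAMPLE = """\
133.149.133.102 www.acmeco.com - [05/Nov/2006:00:28:27 -0500] "GET /webdb.nsf/4b0a23f8cfa6991205256e6d005d420d/tetheraccess.htm HTTP/1.1" 404 38692
133.149.133.102 www.acmeco.com - [05/Nov/2006:00:33:29 -0500] "GET /webdb.nsf/4b0a23f8cfa6991205256e6d005d420d/ghafeed.htm HTTP/1.1" 404 38690
133.149.133.102 www.acmeco.com - [05/Nov/2006:00:42:51 -0500] "GET /webdb.nsf/4b0a23f8cfa6991205256e6d005d420d/zetatesting.htm HTTP/1.1" 404 38695
123.17.114.67 intranet.acmeco.com - [05/Nov/2006:00:46:56 -0500] "GET / HTTP/1.1" 302 -
231.87.105.8 www.acmeco.com - [05/Nov/2006:00:49:26 -0500] "GET /webdb.nsf/color_Zneacme.gif?OpenImageResource HTTP/1.1" 304 0
193.6.193.161 www.acmeco.com - [05/Nov/2006:00:52:26 -0500] "GET /robots.txt HTTP/1.0" 404 159
"""

def parse_line(line):
    """Return a dict of fields, or None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # The samples show "-" as the byte count on the 302 redirect.
    rec["size"] = None if rec["size"] == "-" else int(rec["size"])
    # Request is 'METHOD URL PROTOCOL'; keep the raw string if it is malformed.
    parts = rec["request"].split(" ")
    fields = parts if len(parts) == 3 else (None, rec["request"], None)
    rec["method"], rec["url"], rec["protocol"] = fields
    return rec

def client_errors(text):
    """Count 4xx responses per client address; unparsable lines are skipped."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and 400 <= rec["status"] < 500:
            counts[rec["client"]] += 1
    return counts

if __name__ == "__main__":
    for client, n in client_errors(SAMPLE).most_common():
        print(client, n)
```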