Log Analysis Tool Kit (LATK)

The Log Analysis Tool Kit  (LATK) version 1.5.4 is a collection of command line and web-based tools for use in incident response and long-term analysis of web server and proxy server log data. LATK can detect beaconing traffic in proxy logs and SQL injection and XSS attempts in web server logs. Often when responding to a security incident, the only files available are web server and proxy server logs. LATK will aid you in detecting odd traffic, such as botnet beaconing and SQL injection attempts. The data available in these files can be overwhelming, but the tools in LATK can be used to parse these files and build a MySQL database for querying.

Installation of LATK is easy to perform with RPMs or DEBs on an OVF (Open Virtualization Format) Virtual Machine. These tools are available for download on the CERT website.

Features

Multiple Log File Format Support

  • Proxy Logs: Squid, Bluecoat
  • Web Server Logs: Apache, IIS

Beacon Detection
Performs advanced analysis on proxy logs for beacon detection.

System Requirements

  • System: Mac OS X, Linux
  • Software: Apache, Python 3.x, MySQL

Download

LATK can be downloaded from the CERT Forensics Wiki.

latk-geoip-map

Figure 1: Map of IP Address to Geo Location

 

latk-www-sqli

Figure 2: SQLi Indicators

 

proxy-tttlbytes
Figure 3: Top Clients by Bytes

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.