Originally Posted by
DavidP
Anyways, tell me how and how long it would take you to do that in a GUI. What did I just do up there? I concatenated 3 server logs into one big file, then I threw out everything except for whatever occurred in Jan and Feb of 2008 and put that stuff in a new log file. After that I did searches on a specific IP address and also a specific table name in our MySQL tables to see if they came up in the server logs at all. By doing this, and some other techniques as well, I was able to quickly and easily find out exactly when, where, and how the hacker had gained access to our servers.
Now....how would you concatenate files like that in a GUI? Honestly I don't know how.
How would you pare down the log file and do searches on it that easily? There might be some GUI program that does it....but why bother? I did it in 30 seconds myself on the command line.
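The command-line workflow the post describes, as an added example that is not part of the original post: three constructed log files in Apache combined-log format (not real server logs) are concatenated, pared down to January and February 2008, and then searched for a fixed IP address and a table name. The IP address, the dates, the table name `customers` and the file names are placeholders chosen for the example. Note the `-F` on the search: without it, the dots in an IP address are regex wildcards and `203.0.113.7` would also match `203.0.113.70` or `20310113.7`.

```shell
#!/bin/sh
# Added example, not the poster's own commands. Everything lives in a
# temporary directory so the script runs offline; it is removed on exit.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Three constructed server logs (placeholder addresses from RFC 5737 ranges).
cat > "$WORK/access.log.1" <<'EOF'
198.51.100.23 - - [30/Dec/2007:22:14:09 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.7 - - [15/Jan/2008:03:22:10 +0000] "GET /export.php?table=customers HTTP/1.1" 200 88214
EOF
cat > "$WORK/access.log.2" <<'EOF'
203.0.113.7 - - [02/Feb/2008:11:05:44 +0000] "GET /login.php HTTP/1.1" 200 1024
192.0.2.55 - - [02/Feb/2008:11:06:01 +0000] "GET /index.php HTTP/1.1" 200 512
EOF
cat > "$WORK/access.log.3" <<'EOF'
203.0.113.7 - - [03/Mar/2008:08:00:00 +0000] "GET /export.php?table=customers HTTP/1.1" 200 88214
EOF

# Step 1: concatenate the three logs into one file.
cat "$WORK"/access.log.* > "$WORK/all.log"

# Step 2: keep only entries from Jan and Feb 2008. The timestamp field is
# "[dd/Mon/yyyy:hh:mm:ss zone]", so anchor on the month and year.
grep -E '\[[0-9]{2}/(Jan|Feb)/2008:' "$WORK/all.log" > "$WORK/jan-feb-2008.log"

# Number of lines that survived the date filter.
filtered_lines() {
    wc -l < "$WORK/jan-feb-2008.log" | tr -d ' '
}

# Step 3: count how often a fixed string (IP address, table name) appears in
# the pared-down log. -F treats the pattern literally; "|| true" keeps the
# function from failing when there are zero matches, so it prints 0 instead.
count_hits() {
    grep -F -c -- "$1" "$WORK/jan-feb-2008.log" || true
}

echo "Jan/Feb 2008 entries: $(filtered_lines)"
echo "Hits for 203.0.113.7: $(count_hits 203.0.113.7)"
echo "Hits for table=customers: $(count_hits table=customers)"
# Show the matching lines themselves, which is where the when/where/how lives.
grep -F -- 203.0.113.7 "$WORK/jan-feb-2008.log"
```

On the constructed data the Dec 2007 and Mar 2008 lines are dropped, three entries remain, the placeholder address appears twice and the table name once. On a real investigation the same three steps scale to multi-gigabyte logs because every tool streams line by line.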