Log Analysis Tool Kit (LATK)
The Log Analysis Tool Kit (LATK) version 1.5.4 is a collection of command line and web-based tools for incident response and long-term analysis of web server and proxy server log data. LATK can detect beaconing traffic in proxy logs, and SQL injection and XSS attempts in web server logs. Often, when responding to a security incident, the only files available are web server and proxy server logs. LATK helps you detect odd traffic in them, such as botnet beaconing and SQL injection attempts. The volume of data in these files can be overwhelming, but the tools in LATK parse the files and build a MySQL database that you can query.
LATK is easy to install from RPMs or DEBs on an OVF (Open Virtualization Format) virtual machine. The tools are available for download on the CERT website.
- Multiple log file format support
  - Proxy logs: Squid, Bluecoat
  - Web server logs: Apache, IIS
- Beacon detection: advanced analysis of proxy logs to find periodic beaconing
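To make the two detections named above concrete (periodic beaconing in proxy logs, and SQL injection indicators in web server logs), here is an added illustrative example written for this page; it is not LATK's code and does not reproduce LATK's algorithms, which the page does not describe. It assumes Squid's native access.log format and Apache's combined log format, uses a constructed sample of each, and treats a client/host pair as a beacon candidate when its inter-request intervals have a coefficient of variation below an assumed jitter threshold. The thresholds, regex indicator list and sample lines are all assumptions made here.

```python
"""Constructed example: beacon detection over Squid native access.log lines
and SQL-injection indicator matching over Apache combined log lines.
Illustrative code written for this page, not LATK's own implementation."""
import re
import statistics
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Squid native format (assumed):
# "timestamp.ms elapsed client code/status bytes method URL user hier/peer type"
SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<code>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)")

# Apache combined format (assumed):
# client ident user [time] "METHOD path proto" status bytes "referer" "agent"
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Minimal SQLi indicator patterns (assumed list; a real deployment tunes these)
SQLI_INDICATORS = [
    (re.compile(r"(?i)\bunion\b.*\bselect\b"), "union-select"),
    (re.compile(r"(?i)\bor\b\s+\d+\s*=\s*\d+"), "tautology"),
    (re.compile(r"--|/\*"), "sql-comment"),
]


def parse_squid(lines):
    """Yield (timestamp, client, destination host) for each parseable line."""
    for line in lines:
        m = SQUID_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        # CONNECT requests carry "host:port" rather than a full URL
        host = urlsplit(url).hostname if "://" in url else url.split(":")[0]
        yield float(m.group("ts")), m.group("client"), host


def find_beacons(lines, min_requests=5, max_jitter=0.15):
    """Return {(client, host): mean_interval_seconds} for pairs whose request
    timing is periodic: at least min_requests requests and a coefficient of
    variation of the inter-request gaps at or below max_jitter."""
    times = defaultdict(list)
    for ts, client, host in parse_squid(lines):
        times[(client, host)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue  # duplicate timestamps, not a schedule
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons[key] = round(mean, 1)
    return beacons


def sqli_indicators(lines):
    """Return [(client, decoded path, [indicator names])] for requests whose
    URL-decoded request path matches one or more SQLi indicator patterns."""
    hits = []
    for line in lines:
        m = APACHE_RE.match(line)
        if not m:
            continue
        decoded = unquote_plus(m.group("path"))  # decode before matching
        names = [name for pat, name in SQLI_INDICATORS if pat.search(decoded)]
        if names:
            hits.append((m.group("client"), decoded, names))
    return hits


def _squid_line(ts, client, url):
    """Build one constructed Squid native-format line."""
    return (f"{ts:.3f}    120 {client} TCP_MISS/200 512 GET {url} - "
            f"HIER_DIRECT/{urlsplit(url).hostname} text/plain")


# Constructed samples: one host polled every ~60 s, one browsed irregularly.
BASE = 1700000000.0
SAMPLE_SQUID = (
    [_squid_line(BASE + off, "10.0.0.5", "http://203.0.113.7/ping")
     for off in (0.0, 60.2, 119.8, 180.1, 239.9, 300.0)]
    + [_squid_line(BASE + off, "10.0.0.9", "http://www.example.com/")
       for off in (0.0, 5.0, 47.3, 52.1, 130.9, 131.4)]
)
SAMPLE_APACHE = [
    '198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET /item.php?id=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Oct/2023:13:55:40 +0000] "GET /item.php?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("beacon candidates:", find_beacons(SAMPLE_SQUID))
    print("sqli indicators:", sqli_indicators(SAMPLE_APACHE))
```

The beacon check deliberately keys on timing regularity rather than on destination reputation, which is what lets it surface previously unseen command-and-control hosts; in practice you would also discount pairs with very few requests and whitelist known pollers (update checkers, monitoring agents) that are periodic by design. The SQLi matcher decodes the path first because encoded payloads are the common case in real logs.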
Figure 1: Map of IP address to geolocation
Figure 2: SQLi indicators
Figure 3: Top clients by bytes