Summary
LightBulb is a utility to aid in finding automated traffic in web proxy logs.
For now, LightBulb only handles BlueCoat proxy log files. However, it can be easily modified to read other log formats.
Requires:
Ruby 1.8.7 or later
Usage:
LightBulb takes input from standard input so that filtering can be done before the traffic is loaded.
Example:
cat logfile.txt | ruby lightbulb.rb
This will create an output file in the same directory (lightbulb_report.txt).
The format of the output file is:
Entropy, HostIP : => time intervals in seconds
The final report has 2 sections. The top section lists the statistical outliers with the beacons displayed. The second half of the report is traffic across all hosts without the traffic information displayed.
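The idea behind an "Entropy, HostIP : => time intervals" row, as an added example that is not LightBulb's own code: group requests by host, take the gaps between consecutive requests, and score how regular they are. It assumes Shannon entropy over exact interval values and a constructed, simplified "epoch_seconds client_ip" input rather than real BlueCoat fields; the function names are hypothetical.

```ruby
# Added example, not LightBulb's code. Input lines are a constructed,
# simplified "epoch_seconds client_ip" format, not real BlueCoat fields.
SAMPLE_LOG = <<~LOG
  1000 10.0.0.5
  1007 10.0.0.9
  1060 10.0.0.5
  1019 10.0.0.9
  1120 10.0.0.5
  1100 10.0.0.9
  1180 10.0.0.5
  1103 10.0.0.9
  1240 10.0.0.5
  bad line
  1300 10.0.0.7
LOG

# Group request timestamps by host and return the gaps between requests.
def intervals_by_host(io)
  times = Hash.new { |h, k| h[k] = [] }
  io.each_line do |line|
    ts, host = line.split
    next unless ts =~ /\A\d+\z/ && host   # skip malformed lines
    times[host] << ts.to_i
  end
  times.each_with_object({}) do |(host, ts), out|
    sorted = ts.sort                      # log lines may arrive out of order
    gaps = sorted.each_cons(2).map { |a, b| b - a }
    out[host] = gaps unless gaps.empty?   # one request gives no interval
  end
end

# Shannon entropy (bits) of the interval values; 0.0 means perfectly regular.
def entropy(values)
  counts = Hash.new(0)
  values.each { |v| counts[v] += 1 }
  n = values.size.to_f
  counts.values.reduce(0.0) { |h, c| h - (c / n) * Math.log2(c / n) }
end

# Rows sorted lowest entropy first: "Entropy, HostIP : => intervals".
def report(io)
  intervals_by_host(io)
    .map { |host, gaps| [entropy(gaps), host, gaps] }
    .sort_by { |e, host, _| [e, host] }
    .map { |e, host, gaps| format('%.3f, %s : => %s', e, host, gaps.join(' ')) }
end

puts report(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

A host polling on a fixed timer scores near zero, while human browsing produces scattered intervals and a higher score; a beacon with jitter would need its intervals bucketed before scoring to stand out.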
Below