Web Access Log

Created by Paul

With so many companies offering services over the web, HTTP access logs have become an important forensic resource. Most web servers log basic information about each HTTP request. These logs tend to follow a loose, non-standardized format, so parsing them reliably can be tricky. The log in this challenge was generated by Nginx, a popular web server.

Use this file to answer the challenge questions!

  1. How many requests were logged?
  2. How many unique status codes were returned by the server?
  3. How large was the largest response body in bytes?
  4. How many HTTP tunneling attempts were made?
  5. How many entries have completely invalid request lines containing raw binary data?
  6. Of those invalid entries, how many likely the result of an attempt to establish an SSL or TLS connection?
  7. How many unique user agents were observed, excluding empty or missing user agents?
  8. How many requests were made by Firefox?
  9. How many attempts were made to exploit CVE-2020-8515?

Submit your answers here.

Need help answering this challenge? Check out Paul’s writeup here and Taisa’s guide to Command-line Log Analysis (part 3 is specifically about this challenge).