web-log Access log messages grouped. 31100 ^4 Web server 400 error code. 31101 ^403|^404 .jpg$|.gif$|favicon.ico$|.png$|robots.txt$|.css$ Ignored extensions on 400 error codes. 31100 ='|select%20|insert%20|%20from%20|%20where%20|union%20 SQL injection attempt. attack,sql_injection, 31100 %027|%00|%7f|%2E%2E|%0A|%0D|../..|..\..|echo;|.. cmd.exe|root.exe|_mem_bin|msadc|/winnt/| /x90/|default.ida|/sumthin|nsiislog.dll|chmod%|wget%|cd%| cat%|exec%|rm%20 Common web attack. http://www.armbrustconsulting.com/LogEntries.html attack, 31100 %3Cscript|%2Fscript|script>|script%3E|SRC=javascript|IMG%20| %20ONLOAD=|INPUT%20 XSS (Cross Site Scripting) attempt. attack, 31103, 31104, 31105 ^200 A web attack returned code 200 (success). attack, 31103, 31104, 31105 ^/search.php?search=|^index.php?searchword= Ignored URLs for the web attacks 31100 URL too long. Higher than allowed on most browsers. Possible attack. invalid_access, 31100 ^50 Web server 500 error code (server error). 31120 ^501 Web server 501 error code (Not Implemented). 31120 ^500 alert_by_email Web server 500 error code (Internal Error). system_error, 31120 ^503 alert_by_email Web server 503 error code (Service unavailable). 31101 Mutiple web server 400 error codes from same source ip. web_scan,recon, 31103 Multiple SQL injection attempts from same souce ip. attack,sql_injection, 31104 Multiple common web attacks from same souce ip. attack, 31105 Multiple XSS (Cross Site Scripting) attempts from same souce ip. attack, 31121 Multiple web server 501 error code (Not Implemented). web_scan,recon, 31122 Multiple web server 500 error code (Internal Error). system_error, 31123 Multiple web server 503 error code (Service unavailable). web_scan,recon,