JP Vossen on 27 Mar 2010 16:17:00 -0700



Re: [PLUG] slightly OT: finding SQL injection in M$ logs with grep


On Friday Ben Love said:
> 
> Unfortunately, MS SQL logs are entirely Binary.  If you want, you can
> pay lots of money for programs that will examine your SQL logs.  (It's
> Microsoft; all utilities are 3rd party and expensive.  What did you
> think was going to happen?)

Bah.  That "black box" (that never quite works right) mentality is a big 
part of why I hate M$ crap.

This is a *long* shot, but, ironically, the free MS Log Parser Toolkit 
[1] **might** be of some use.  I eyeballed the input formats in the book 
[2] I have, and there is no mention of MS SQL.  But there are a number 
of binary formats, esp. from IIS.  Maybe it's possible that one would 
work, or that someone has figured out some kind of hack?  Like I said, 
long shot but I figured I'd at least mention it.

Come to think of it, there is probably no technical reason why reverse 
engineering to write a decoder would be hard.  There might be legal 
issues though.  May be worth a Google for that...

Good luck,
JP
_________
[1] MS Log Parser Toolkit
http://windowsdevcenter.com/pub/a/windows/2005/07/12/logparser.html
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07

[2] 
http://www.amazon.com/Microsoft-Log-Parser-Toolkit-undocumented/dp/1932266526

----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug