How to read raw access logs

[surreality]

Does anyone have any guides or tips on how to analyze the raw access logs? All I see are IP addresses, dates, and some line that says either GET or HEAD. How do you know if there's anything suspicious in the log?

[markrd]

Wish I could help you out here, but I could use a little help in this area myself.
Actually, I could use a lot of help in analyzing the raw access logs.

[kirkas]

Why not just use Awstats in cPanel? Or another stats program, like Webalizer? I'm not very good at read logs, but Awstats is easy even for a newbie to understand.

[Shane Phillips]

Quote:

Originally Posted by kirkas

Why not just use Awstats in cPanel? Or another stats program, like Webalizer? I'm not very good at read logs, but Awstats is easy even for a newbie to understand.

cPanel is the best option to view raw access logs.

[Jenny Walker]

I use Awstats for checking the logs since the Raw Access Logs just make me dizzy. Well, even Awstats can be a bit confusing, but at least it does make sense if you stare at it long enough.

[techgirl]

Jenny Walker that was funny! "Well, even Awstats can be a bit confusing, but at least it does make sense if you stare at it long enough."

I use Awstats too, it's right in the CP and at least you can tell where your traffic is coming from. How many came from where and so forth.

[squishy]

You could use a raw access log analyzer like AlterWind Raw Log Analyze. I've never used it myself since Awstats works well enough, but you might find it useful. There are also some log analysis services out there, I think.

[surreality]

AlterWind, ey? Well, it looks good so I'll give it a try. Thanks to everyone suggesting Awstats, too. I think Awstats also gets its info from the raw logs, so it'll be interesting to see how well it matches up against AlterWind Raw Log Analyzer.