This section contains examples of using Log Scanner in some situations.
Checking several log files
All log files that you pass for scanning must be in UTF-8 encoding. If your log files have a different encoding, make sure to convert them to UTF-8.
If you have feeds that are not compiled and a directory containing log files, you can check the log files by performing the following procedure.
To check several log files:
You can do it by using the kl_feed_service script as follows:
%service_dir%/etc/init.d/kl_feed_service start
(in Linux)
%service_dir%\bin\kl_control.bat start
(in Windows)
./log_scanner -r -p ../logs
(in Linux)
log_scanner.exe -r -p ..\logs
(in Windows)
%service_dir%/etc/init.d/kl_feed_service stop
(in Linux)
%service_dir%\bin\kl_control.bat stop
(in Windows)
After Log Scanner finishes its work, the directory specified by the OutputDir element of the log_scanner.conf configuration file will contain a report about the URLs and hashes detected by Feed Service.
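The UTF-8 requirement stated at the start of this procedure can be met with a pre-processing pass over the log directory. The following Python script is an added example, not part of the Log Scanner documentation or distribution; the function names and the cp1252 fallback encoding are assumptions to replace with the encoding your log sources actually use.

```python
import codecs
from pathlib import Path


def to_utf8(raw: bytes, fallback: str) -> tuple[bytes, str]:
    """Return (utf8_bytes, source_encoding) for the contents of one log file."""
    # A UTF-16 byte-order mark is unambiguous; the utf-16 codec consumes it.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16").encode("utf-8"), "utf-16"
    try:
        raw.decode("utf-8", errors="strict")
        return raw, "utf-8"  # already valid: copy the bytes unchanged
    except UnicodeDecodeError:
        # Assumption: the operator knows the legacy encoding of these logs.
        # A byte the fallback cannot map raises instead of being guessed.
        return raw.decode(fallback).encode("utf-8"), fallback


def normalize_logs(src_dir: str, dst_dir: str, fallback: str = "cp1252") -> dict:
    """Write UTF-8 copies of every file under src_dir into dst_dir.

    The originals are never modified, so the collected logs stay intact
    as evidence. Returns {relative_path: source_encoding}.
    """
    src, dst = Path(src_dir), Path(dst_dir)
    report = {}
    # sorted() lists the files before any output file is written.
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src)
        data, source = to_utf8(path.read_bytes(), fallback)
        out = dst / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        out.write_bytes(data)
        report[rel.as_posix()] = source
    return report


if __name__ == "__main__":
    # Hypothetical directory names; pass the output directory to -p afterwards.
    for name, enc in normalize_logs("../logs", "../logs_utf8").items():
        print(f"{enc:8} {name}")
```

Run it before starting the scan and pass the output directory, rather than the original one, to the -p option.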
Checking several URLs and hashes
If you have to check several URLs and hashes, perform the following procedure.
To check several URLs and hashes:
%service_dir%/etc/init.d/kl_feed_service start
(in Linux)
%service_dir%\bin\kl_control.bat start
(in Windows)
./log_scanner -r -s A72C5B99F2706B00718279C9533A3648 -s 6AA0321FA9D82D652AB53882D7CF9E592B4439B8
(in Linux)
log_scanner.exe -r -s A72C5B99F2706B00718279C9533A3648 -s 6AA0321FA9D82D652AB53882D7CF9E592B4439B8
(in Windows)
./log_scanner -r -u 'test.mav.example.com?bad_url=1' -u 'test.phishing.example.com/psh/test?p=1&p=2'
(in Linux)
log_scanner.exe -r -u "test.mav.example.com?bad_url=1" -u "test.phishing.example.com/psh/test?p=1&p=2"
(in Windows)
%service_dir%/etc/init.d/kl_feed_service stop
(in Linux)
%service_dir%\bin\kl_control.bat stop
(in Windows)
After Log Scanner finishes its work, the directory specified by the OutputDir element of the log_scanner.conf configuration file will contain a report about the URLs detected by Feed Service and a report about the detected hashes.