there was a ddos attack on my old work website this afternoon. i found out when i checked my email later in the evening -- cron emails that said psql had hit its connection limit. this had never happened before. maybe someone thought they'd attack sites on election day or something. restarting the app server fixed the issue.

i downloaded the web server's log file, and tried to use analog to do something deeper than greps (i couldn't think of any other tool). grep was more useful. it was easy for me to find the ddos requests, and i figured out by visual inspection that they listed an old version of chrome in their user agent. blocked that.

but, i want a tool to help me do things like this.

i got to wondering if there was an old expert system out there that i could feed the log file to, tell it what each part of the log line is (i have a custom log format), and then ask more detailed questions. what i'm interested in, most of all, is when or how they probed the site to find the url to hit. i want something to show me those lines.

i didn't try openai/chatgpt or my locally installed models with ollama because this isn't something for generative ai.
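An added example of the kind of tool described above, not code from the original post. It is a small Python script: a regex with named groups is how you tell it what each part of a custom log line is, it then locates the burst of requests, pulls out the shared user agent and the source addresses, and finally answers the question the post actually cares about, which is what those same hosts requested before the flood. The log format, the timestamps, the addresses and the user-agent strings are all constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Regex with named groups: this is how you "tell the tool what each part of the
# log line is". The format here is hypothetical (ts ip method path status "ua" secs);
# for a real custom format, change the regex but keep the group names.
LOG_PATTERN = re.compile(
    r'(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) '
    r'"(?P<ua>[^"]*)" (?P<secs>[\d.]+)$'
)

OLD_CHROME = "Mozilla/5.0 (X11; Linux x86_64) Chrome/49.0.2623.112 Safari/537.36"
MODERN = "Mozilla/5.0 (Macintosh) Chrome/130.0.0.0 Safari/537.36"

# Constructed sample log, not real traffic: one host walks the site at 13:40 and
# finds a slow endpoint (/search), then at 14:02 several hosts hammer that endpoint.
SAMPLE_LOG = "\n".join([
    f'2024-11-05T13:40:02 203.0.113.7 GET / 200 "{OLD_CHROME}" 0.012',
    f'2024-11-05T13:40:03 203.0.113.7 GET /admin 404 "{OLD_CHROME}" 0.002',
    f'2024-11-05T13:40:04 203.0.113.7 GET /search?q=a 200 "{OLD_CHROME}" 1.930',
    f'2024-11-05T13:40:05 203.0.113.7 GET /about 200 "{OLD_CHROME}" 0.015',
    f'2024-11-05T13:41:10 198.51.100.20 GET / 200 "{MODERN}" 0.011',
    f'2024-11-05T14:02:00 203.0.113.7 GET /search?q=zzz 200 "{OLD_CHROME}" 2.100',
    f'2024-11-05T14:02:00 203.0.113.8 GET /search?q=zzz 200 "{OLD_CHROME}" 2.250',
    f'2024-11-05T14:02:00 203.0.113.9 GET /search?q=zzz 500 "{OLD_CHROME}" 2.400',
    f'2024-11-05T14:02:00 203.0.113.7 GET /search?q=zzz 500 "{OLD_CHROME}" 2.300',
    f'2024-11-05T14:02:02 198.51.100.21 GET /contact 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/131.0" 0.010',
    "this line is not in the expected format and is skipped",
])


def parse_log(text, pattern=LOG_PATTERN):
    """Turn raw lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = pattern.match(line)
        if not m:
            continue  # unparsable line: skip rather than abort the whole run
        r = m.groupdict()
        r["ts"] = datetime.fromisoformat(r["ts"])
        r["status"] = int(r["status"])
        r["secs"] = float(r["secs"])
        r["raw"] = line
        records.append(r)
    return records


def flood_window(records, window_seconds=1, min_hits=4):
    """Bucket requests into fixed-size windows and return (window_start, records)
    for the busiest one, or None if no window reaches min_hits."""
    buckets = {}
    for r in records:
        key = int(r["ts"].timestamp()) // window_seconds
        buckets.setdefault(key, []).append(r)
    if not buckets:
        return None
    hits = max(buckets.values(), key=len)
    if len(hits) < min_hits:
        return None
    return min(r["ts"] for r in hits), hits


def attacker_profile(flood):
    """Shared signature of the flood: dominant user agent, path hit, every source IP."""
    ua, _ = Counter(r["ua"] for r in flood).most_common(1)[0]
    path, _ = Counter(r["path"] for r in flood).most_common(1)[0]
    return {"ua": ua, "path": path, "ips": {r["ip"] for r in flood}}


def probing_lines(records, ips, before):
    """What did the flooding hosts do *before* the flood? Returns their earlier
    requests in time order; 404s and slow responses are usually where they
    found the endpoint worth hitting."""
    return sorted(
        (r for r in records if r["ip"] in ips and r["ts"] < before),
        key=lambda r: r["ts"],
    )


def investigate(text):
    """Parse, find the flood, profile it, and list the probing that preceded it."""
    records = parse_log(text)
    found = flood_window(records)
    if found is None:
        return None
    start, flood = found
    profile = attacker_profile(flood)
    probes = probing_lines(records, profile["ips"], start)
    return {"start": start, "profile": profile, "probes": probes}


if __name__ == "__main__":
    result = investigate(SAMPLE_LOG)
    print("flood started", result["start"], "on", result["profile"]["path"])
    print("user agent:", result["profile"]["ua"])
    print("earlier requests from the same hosts (the probing):")
    for r in result["probes"]:
        print("  ", r["raw"])
```

On the sample data the flood is the four requests at 14:02:00, all with the Chrome/49 user agent, and the probing lines are the four 13:40 requests from 203.0.113.7, including the 404 on /admin and the 1.9 s /search response that gave away the slow endpoint. On a real log, the regex is the only part that needs to change; the window size and `min_hits` threshold are tuned to the site's normal traffic.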
