LogJack, Code Red Special Edition
=================================

This version of LogJack is modified to generate statistics for Code Red
attacks on a system, and optionally to attempt to send a command to
attacking systems causing them to open a web browser window with information
about Code Red.

Okay, So How Do I Make It Work?
===============================

Somewhere in your Apache config, you'll have a line specifying where to
record each access (usually in a file creatively called "access.log"). 
LEAVE IT ALONE!  You don't want to replace it, but you want to add another
one.  Apache lets you log to as many different places as you like.  Nifty,
eh?  You can even set up multiple LogJacks, each with a different config.
Anyhow, add something like this to your Apache config:

CustomLog "|exec /usr/local/bin/logjack-codered.pl /usr/local/etc/logjack" combined

The first parameter to CustomLog tells Apache where to send its log
information.  By starting it with a pipe, we say we want the following
program executed and the data piped to its STDIN.  The "exec" is optional
but prevents an extra copy of /bin/sh from hanging around in memory all the
time.  Next is the path to where you placed logjack-codered.pl (could be
anywhere you like), and finally, logjack-codered.pl takes as its one and
only parameter the location of is configuration directory (which again can
be anywhere).  The last CustomLog parameter is the log file format.  Just
say "combined".

Now, the configuration directory should contain at least one file, called
"config-codered.pl".  You will want to edit this file to set the various
options in it.  The Code Red Special Edition of LogJack uses no other files,
so if you also use LogJack (normal version) you may use the same
configuration directory, the config files won't conflict.  HOWEVER, you MUST
specify a different output directory in your config-codered.pl or the
reports these two version generate will overwrite one another.

Reports?  How to I use these .table files?
==========================================

The tables are your basic reports on all the various statistics, see my
website for examples.  It should be noted that they aren't complete tables,
they actually just contain rows.  This is because how you format your tables
is likely to be different from how I format mine, depend on the look and
feel of your website.  Thus, you're to create your own <TABLE> header, then
just include the generated file as the body, something like this:

<TABLE ALIGN=CENTER BORDER=4 BGCOLOR="#DDDDDD">
<TR><TH ALIGN=LEFT>Cool web surfing program</TH><TH ALIGN=RIGHT>Hits</TH></TD>
<!--#include virtual="agent.table" -->
</TABLE>

So YOU create the table, with whatever formatting, colors, etc. you want,
and just use SSI to include the content.

Questions?
==========

Go to http://www.dreamsmith.org/codered/ and look around.  If you don't find
answers there, send your questions in email to "gt" on dreamsmith.org.