I have a set of Apache access_logs where a URL is something similar to:
http://mydomain.com/user.php?userid=123
I'm trying to find any attempts where consecutive URL requests for the same URL are repeated but with increment userid values, in a short period of time.
For example, identify if this happens:
http://mydomain.com/user.php?userid=123
http://mydomain.com/user.php?userid=124
http://mydomain.com/user.php?userid=125
etc..
I haven't been able to determine the search needed to take the value of 'userid' from the last event found, increment by 1, and see if the next event found contains that userid value.
Any suggestions?
↧