What is the best way to survey and detect bad users behavior or attacks like deny of services or exploits on my web app ?
I know server's statistics (like Awstats) are very useful for that kind of purpose, specially to see 3XX, 4XX and 5XX errors (here's an Awstats example page) which are often bots or bad intentioned users that try well-known bad or malformed URLs.
Is there others (and betters) ways to analyze and detect that kind of attack tentative ?
Note : I'm speaking about URL based attacks, not attacks on server's component (like database or TCP/IP).
Log everything. Then examine the logs by hand, and find things that are uninteresting and write a parser that discards those log entries. Once you've done that, rinse and repeat until you're left with just the interesting things. Now that you have only interesting log entries to read, decide which ones are dangerous and which ones are harmless but annoying, and fix as appropriate.