I have a few honeypots out there just collecting information about web attacks and they have been great to help me improve OSSEC and how it parses web/proxy logs. Since I couldn’t find any public resource dedicated to store this kind of information, I decided to create one at the OSSEC wiki to keep track of them. It is all manual right now, but I plan to automate a lot of work to keep the page current.
I have a few entries with sites storing php/perl bots, common attack patterns, copies of the tools used, etc. If you want to help out keeping it updated, let me know. If you want to share your logs (from real servers or honeypots), it would be great too..
More info: Web attacks links