In the era of blossoming computer sciences and internet technology, people cannot abolish network in our lives. However, the large number of users, website services will make itself became the most favorite targets for hackers. Although these malicious behaviors can be detected by network intrusion detection system, it is difficult to generate accuracy result owing to the shortage of data. This paper proposed a solution using host intrusion detection system that focus on the host log detection of webserver. Besides using port monitoring to monitor network environment, this paper also collected signatures of web attack and malicious activities by using signature-based approach. Furthermore, this research will find out the source of the malicious files with file monitoring function, and take appropriate action to protect web services. By using the proposed mechanism of host-based intrusion detection methods, it can provide a high accuracy to bring safety for managers and users.