Logs

From wiki.mikejung.biz
Jump to: navigation, search

Liquidweb 728x90.jpg

Syslogd

Configure Syslog to forward logs to remote server

To set up forwarding to a remote server. Edit the file listed below and enter in the IP address of the server that you want to forward the logs to. Restarted syslogd after you edit the file to apply the new settings.

vim /etc/syslog.conf

add the line:

*.*                     @$IPaddress

restart syslogd


Logrotate

Default logrotate configuration files

By default the logrotate.d configuration files are as follows:

/etc/logrotate.conf # Main conf file.

/etc/logrotate.d/* # The configuration files for each service.

Rotating apache logs

How can I rotate Apache logs easily and regularly?

Insert the following code into /etc/logrotate.d/apache (only include the domlog directories if cpanellogd/awstats are disabled):

/usr/local/apache/logs/*log  {
    compress
    weekly
    notifempty
    missingok
    rotate 3
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true
    endscript
}

No postrotate

Notice that this specific rotate schedule has postrotate (/bin/kill -HUP `cat /usr/local/apache/logs/httpd.pid 2>/dev/null` 2> /dev/null || true). This is related to apache and will keep some sort of current log intact it seems (without postrotate you may see that the error log is rotated but a new error log file is not generated). You may need to use and option called "create" to create a new log file if you do not have a postrotate script in the rotate configuration file that you are creating. Test it out and make sure you have a log file. Some softwares or services may not generate a new log file if one does not exist.

then run "logrotate -f /etc/logrotate.d/apache". This will rotate and compress the existing logs. Logs will rotate weekly from that time on.

  • alternate configuration for /etc/logrotate.d/apache
 /usr/local/apache/logs/error_log {
    rotate 4
    compress
    missingok
    postrotate
    /usr/local/apache/bin/apachectl graceful
    endscript
}

Will need to setup a block for each log file or modify the first line in the block to include the other log files.


Always test your work. Run:

logrotate -f /etc/logrotate.d/filename

or

/etc/cron.daily/logrotate

Log Locations

Nginx Logs

Nginx Error Log Location

  • This is the main error log. Generally only severe errors are going to show up here.

/var/log/nginx/error_log

Nginx vhost-error_log Location

  • This is error log used by each domain. This is more in line with some of the errors you will see in /usr/local/apache/logs/error_log. Missing files,bad perms etc.

/var/log/nginx/vhost-error_log

Nginx domlogs Location

  • Each domain will have it's own file here. Same as domlogs for Apache.

/usr/local/apache/domlogs/domain.com


cPanel, WHM and webmail

Poweredby.gif

cPanel Login Log File Location

  • Login attempts to cPanel

/usr/local/cpanel/logs/login_log

cPanel Account and Misc Log File Location

  • Account transfers and Misc. logs

/var/cpanel/logs/

cPanel User Bandwidth Usage Log File Location

  • Per-account bandwidth history

/var/cpanel/bandwidth/<USERNAME>

cPanel Service Status Log File Location

  • Service status logs

/var/log/chkservd.log

cPanel Error Log File Location

  • cPanel error log

/usr/local/cpanel/logs/error_log


cPanel Panic Log File Location

  • cPanel panic log

/usr/local/cpanel/logs/panic_log

cPanel Backup Log File Location

  • Backup logs

/usr/local/cpanel/logs/cpbackup/

cPanel Update Log File Location

  • Update log

/var/cpanel/updatelogs/update-<TIMESTAMP>.log

cPanel Mailman Log File Location

  • Mailman Logs

/usr/local/cpanel/3rdparty/mailman/logs/

cPanel Audit Log File Location

  • Auditing log (account creation, deletion, modification, etc.)

/var/cpanel/accounting.log

cPanel Access Log File Location

  • Access log and user actions in cPanel

/usr/local/cpanel/logs/access_log


cPanel Website Stats Log File Location

  • Website statistics logs

/usr/local/cpanel/logs/stats_log

cPanel License Log File Location

  • License updates and errors

/usr/local/cpanel/logs/license_log

cPanel cPHulkD Log File Location

  • cPHulkD log

/usr/local/cpanel/logs/cphulkd.log

cPanel cPHulkD Error Log File Location

  • cPHulkD error log

/usr/local/cpanel/logs/cphulkd_errors.log

cPanel Tailwatch Log File Location

  • Tailwatch driver (tailwatchd) log

/usr/local/cpanel/logs/tailwatch_log


cPanel EasyApache Build Log File Location

  • EasyApache build logs

/usr/local/cpanel/logs/easy/apache/

cPanel Installation Log File Location

  • Installation log

/var/log/cpanel*install*

cPanel SquirrelMail Log File Location

  • SquirrelMail

/var/cpanel/squirrelmail

cPanel Roundcube Log File Location

  • RoundCube

/var/cpanel/roundcube/log

cPanel Horde Log File Location

  • Horde

/var/cpanel/horde/log

Scripts to Parse Apache Dom Logs

This command will get the first row(IP) from each entry in a dom log and count the connections

cat domain.com | awk '{ print $1 }' | sort | uniq -c | sort -rn

This can be used to find out what sites are acting as referrers to the site on the server. Sometimes legit, other times not legit

grep  17/Jul/2012 /usr/local/apache/domlogs/domain.com  | grep -v http://www.domain.com | grep -v Monitor| egrep -o '(GET|POST)'\ [[:alnum:][:graph:]]* | sort | uniq -c | sort -rn | head