Apache logs issue

**chrismfz** · 07-29-2007, 12:39 PM

Hello people.

I have a vps with cpanel on it.
From time to time I use the netstat to see the connections and their status
of the server. Having some weird results about httpd (apache connections)
I was wondering how I can see quickly which ip accessed a site.
Example, if I have a connection to httpd from 1.1.1.1 how can I see 'quick'
which domain (vhost) is looking at and what information.
I know (I hope) it is the access_log but if I have lots of domains I cannt
search each log per domain/subdomain/etc separately, its a torture.

Is there any other method or a specific $find parameters to do that
(find man page is a torture too)

Thank in advance,
Chris

**chrismfz** · 07-29-2007, 02:37 PM

Anyway, I found a solution. Quick n dirty but it suits my needs.
For anyone who wants to use/see it:

#!/bin/bash

if [ "$1" = "" ]
then
echo "Give ip!"
exit 0
fi

cat /usr/local/apache/domlogs/* > /tmp/huge_file
grep $1 < /tmp/huge_file
#rm -fr /tmp/huge_file

EOF
not a big deal but it works for me

**paritybit** · 07-29-2007, 02:43 PM

Code:

cat /usr/local/apache/domlogs/* > /tmp/huge_file
grep $1 < /tmp/huge_file

I am guessing a somewhat nicer solution may be

Code:

cat /usr/local/apache/domlogs/* | grep $1

Should reduce some disk IO and might even be a bit quicker, unless of course you wanted to keep huge_file

Oh as a side note grep $1 /tmp/huge_file should work just as well as grep $1 < /tmp/huge_file

**paritybit** · 07-29-2007, 02:47 PM

Sorry you could also use

Code:

grep $1 /usr/local/apache/domlogs/*

or

Code:

grep $1 -R /usr/local/apache/domlogs/*

if you wanted to recurse through all the subdirectories.

Argh, sorry for muddying the waters but yeah, there are a few ways to get around using a tempfile.

This solution would output the logfile that the match comes from as well as the line it matches which may be useful.

**chrismfz** · 07-29-2007, 05:14 PM

I just thought that creating a mass log with all logs first i can grep it
more than one time if I want to use it again the same time

Thanks for the tips

Chris

**thisisit3** · 07-30-2007, 12:11 AM

If you want to look at the "current" state of apache, you can just look at the "Apache Status" page which can be found in WHM. It shows the IP addresses that are accessing your server and the virtual host they are looking at.

**JPC-Masood** · 07-30-2007, 09:03 AM

For cpanel only: You can parse the output or grep the IP of this page: http://localhost/whm-server-status

**thisisit3** · 07-31-2007, 12:14 AM

Here i found ANOTHER cpanel bug. Looking at my apache logs i found out lots of 404 errors for the status page.

Apparently, cpanel changes the default "/server-status" and makes it "/whm-server-status", but it still uses "/server-status" in some cases.

The solution is simple, edit your /etc/httpd/conf/httpd.conf and add the original "/server-status" above the whm modified one, so it looks like:

Code:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

<Location /whm-server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

Then you'll have both and you won't get 404 errors in your /etc/httpd/logs/.

LinkBack

Thread Tools

Display

Apache logs issue

Bookmarks

Bookmarks

Posting Permissions