Firstly this question is not related to running a web hosting business, but to dedicated servers hosting our own websites.
I was just wondering, other than security reasons, what is the importance (if any) of keeping Apache/WWW logs? Are there legal reasons?
If it is best to keep Apache logs, how should we go about this? If we don't look after them properly there will be massive amounts of logs being kept - what is the best way to store them? I know they can be "rolled over" and kept for a certain amount of time, which is the best utility to do this?
The OS is Linux (CentOS) and the web servers are Apache and Lighttpd.
and should proxy/gateway/cache server logs be kept?
Does anyone have an app they use to track the bandwidth/usage for each connected computer/server?
we have multiple servers hooked up to one internet connection, all running miscrosoft windows software. Ideally i would like ONE of the servers running microsoft 2003 to log all others network usage.
All the servers do different things, so it would be great to check which are under most demand etc.
The other thing is, naturally i dont have screens for them all, only one. So this is the main reason for remote logging. Would be hassle to have to Remote desktop into each one to check how there doing every hour etc.
I just bought a new dedicated server and have got Lxadmin on it. Now lxadmin , automatically uses a different loggin system than I would want it to use. It creates a seperate log file for each doamin.
They are located in /home/httpd/EXAMPLE.com/stats
EXAMPLE.com-error_log EXAMPLE.com-custom_log
Now the problem is that I have literally hundreds of domains and I want it to instead log at a single place and not at these hundreds of seperate places.
This is the root cause of my problem
# The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file.
I am unable to have any kind of centralised logging command because of the individual entries for each Virtual host.
Even if i can manually remove those entries once, and new domain created by lxadmin will have that same problem. Morevoer, any kind of update of lxadmin which rebuilds the database will also ruin all the hardwork that I put in.
Is there any suggestion / solution to this problem? Have centralised data at one place in a single file?
We have quite a large number of servers now but I'm now finding it harder and harder to keep log of the number of details for it. How do the bigger guys keep control on this? Ie: Keeping logs of the serial/product keys of each part in the server, where they were ordered from, what date was it ordered etc?
My collection of growing motherboard, ram, processor boxes (which all store the serials of the products on) are now slowly taking over the office even when flat packed. I normally just write on each of the boxes where the product was ordered from, date of order and server name. While this is all well and good.. 50 servers later it can be a bugger to find the serial of that dedi mobo without going to the DC.
I tried my efforts at a simple Access database but I kept finding I spent more and more time typing in complex keycodes into the DB and just gave up. When this has been done it sounds nice and easy but then I hit another stump.
Ontop of logging a new servers details, how do you log which server is available to be sold, who its been sold too? ATM we have a VPN shared spreadsheet with all the details in (praying that the other employees will actually update it) but Im not sure if it will stand up when it hits 100+ servers rather than the 50+ atm.
Running Apache 2.2.2 and PHP 5.2.5, and my error_logs are filling up with PHP notices. I'd like to turn this feature off, but I must be missing something here. I've edited the php.ini and set error_reporting = E_ALL & ~E_NOTICE, and reloaded apache, but I still get the same php notices over and over again in the httpd error log.
For some reason on a box I have, it takes 25 seconds from the time I hit enter for a usernames password for it to login via SSH. I am running CentOS 4.4
Is there something I can check to see why it is taking so long and/or fix this?
I have Cpanel VPS account, and have been regularly backing up all my outgoing emails (via SMTP, imap or webmail) with the following:
Added to following lines in /etc/antivirus.exim
Code: if first_delivery and ("$h_from:" contains "username@domain.com") then unseen deliver "backup@anotherdomain.com" endif So, this worked well for the longest time. At some point it 'disappeared' and stopped working which I guess was due to some update, and putting it back it got it working again.
Recently, I had a new vps, moved my domain there and dropped the same bit in, but this time around, it didn't work.
Is it possible that antivirus.exim isn't being parsed? How do I check? Or is there somewhere else I can stick it into so it'll always work and not get replaced by some cpanel update?
I'm looking at allowing remote telnet into my server.
like any security-minded administrator, I want to log what my users type on the telnet session.
I'm using the script command to generate transcripts of the users session.
I have /etc/profile set to automatically start the script command to log user activity, and in /etc/bash.bash_logout I have a command that emails me the transcript of the users' session.
All of the above works well except for one thing:
the users can type "exit" to escape from my script logging and any commands they type won't get logged.
commands to log packets temporarily for a certain udp port with the IP information ect.
Any help would be appreciated. As for what I am doing, I am trying to find anything wierd or something that stands out from the packets sent from external IP's to my server.
We have a VPS system running with Plesk but after a nightly automatic update there was a error message in Plesk, with a link to 'fix' the problem. After that Plesk stopped functioning. Now, when we log in with correct credentials (we know its correct because we if incorrect, we get a message its incorrect, so thats working) we're presented with this error:
Error: Call to a member function getName() on a non-object (MainMenu.php:48).
Since some days I have the strange issue that all logings from DrWeb is shown directly into the console. For example if I connect to my Server via SSH and then I sned an email to my email accoutn I see the logging of the spool.
root@************:~# 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - archive MAIL 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/3.part - Ok 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/4.part - Ok 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] >/var/spool/drweb/spool/drweb.tmp.tWcneM/5.reexport - Ok 2015 Mar 25 16:44:57 * 127.0.0.1 [13727] /var/spool/drweb/spool/drweb.tmp.tWcneM - Ok
this happens in my root shell. if I disable the Email check then this will not happen anymore. another strange issue is that if I restart drweb and I have more than 1 ssh shell open I see the output of the restart on all shells, this issue is only for drweb not for any other service. How to config drweb to log only into logfile not to the console?
I search the web and the only thing I can find was
[URL]
In the FreeBSD operating system, syslog service can intercept information output by Dr.Web Daemon to the console. In this case, the information is logged character-by-character. That occurs when the logging level is set to *.info in the syslog configuration file (syslog.conf).
I've got a problem at a local customer with rotatelogs.exe and the current release of Apache HTTPD 2.4.12.
I've downloaded the 64-bit zip-file (VC11) and installed the VC11 vcredist in both 32- and 64-bit version.
The project is to upgrade apache 2.2 to apache 2.4. I've adjusted the configuration and added rotatelogs for log rotation for error_log and access_log.
The configuration is 100% correct, I can copy the line to cmd.exe and it runs correctly.
Variables are set in global environment, APACHE_HOME is set with "/" instead of "" to get sure rotatelogs.exe is found.
I am running ubuntu 8.10 installed mysql 5.1.30 from source. i am trying to change passwords for some of the users but I keep getting the error listed in the title. Does anyone know whats going wrong ?
Code: .mysqladmin: Can't turn off logging; error: 'Access denied; you need the SUPER privilege for this operation'
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock # Default to using old password format for compatibility with mysql 3.x # clients (those using the mysqlclient10 compatibility package). old_passwords=1
I have Plesk 11.5 (service provider mode) on a Windows 2008 server IIS7.Most of my sites are developed in .asp and therefore i use a custom 500-100.asp error page that check s the IP of the visitor then displays either a friendly error, or if its my IP a full error of what has happened (it also emails me the error). This allows me to debug pages easily whilst developing and to keep an eye on anyone trying SQL Injection hacks on my sites (as the error and email also have session variables and IP address).I dont have root access to the server as it is a Webfusion dedicated server.I have following the Plesk documentation -
1) Switch on custom errors for the subscription 2) Look in virtual directories and navigate to error documents 3) Find the error in question (500:100) and change it to point at either a file or URL
FILE - I had the data centre add in the 500-100.asp error page in to the virtual template so that my page is available in the list of virtual files - this didn't work but that maybe because its not a static page??
URL - when i add the path it says its incorrect, if i add a fully qualified address, it accepts it but it doesn't work.give me a specific example of the URL that can be entered relative to the root as the format in the documentation isn't accepted. The last step is to restart IIS which is also an issue as i cant seem to do this from the Plesk panel..It is as if it isn't catching the 500:100 error, and only catching the general 500 error??
I am currently running Google Analytics/Urchin 5 (v5.7.02), on a server, the server has started to act up, (on its last legs etc) and now I am trying to transfer the Urchin Software to a new server, where it would work effectively.
However upon installing the urchin software on the new server and running it (localhost:9999), I am presented with An Action Items Page, and these following choices