Apache Log Viewer

General Info
Hello all, Ive decided to release my first semi-hack for the administration side of things.

This script as stated in the name itself is for viewing a specified / sorted Apache Combined Access Log File in vbulletin, but it is very specific.

In general this script will do 3 things, list IP's grouped by total times that IP has appeared in logfile, along with its first access time and its newest, particularly useful for a multitude of things.

In my case, I had a person using a proxy clicker, and I really didnt want to delve into squinting at my Apache Log File to determine which IP's were bad and which weren't so I thought (Hey ! Why don't I make something to count the number of times the IP sent a request to Apache) so yes thats basically what this does, nothing more and nothing less.

If you want to know what IP's are connecting to your server in some situation, and which ones to block - here you go.

Details
This script offers a default (connects per ip) so it filters out the minute connections that normal people have, which you can change in the file, also the script auto builds some higher counts to limit it to. Ie (pp=1000) would limit output to IP's that had atleast 1000 request to apache and so on. Also you can click on an IP to view its Hostname info, if you want that stuff.

Important
As many people know, your access log files can be Massive and thus this script will in most cases for a normal site Not run if your Memory Limit is set too low. Lots of people dont like doing this, but the Memory is released as the script is run, so its not constantly hogging memory, its just briefly using it to load the access log and parse it.

Instructions
Open script in some editor, edit the configurations. Save it, and upload to your webserver in your forums admin directory and point your browser to it. Easy as that.

LogFiles
Please make sure your logfiles are setup generally in this way, if not; tell me how it is, and I will make script able to accept various logfile setups.

Code:

xxx.xxx.xxx.xxx - - [21/Jun/2004:13:54:21 -0400] "GET /folder/whatever.jpg HTTP/1.1" 200 - "http://reffer" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; DigExt)"

You can adjust PHP Memory Limit in 2 ways:
1. Raise your memory limit in the PHP.ini file (i recommend atleast 60 - you may need even more)
2. Raise your memory limit in the Apache virtual host containers for your Domain Name so that the memory limit is adjusted JUST for your domain. (php_admin_value memory_limit 60M) is an example entry for 60 Megabytes.

[The Realist]

A line from which log M8

/usr/local/apache/logs/error_log
/usr/local/apache/logs/access_log
/usr/local/apache/domlogs/sitename.com

Quote:

Originally Posted by Trigunflame

Do you have an example line from your logfile? I can try to make it work for it.

[Boofo]

Quote:

Originally Posted by The Realist

Apache / WebSite Logs

/usr/local/apache/logs/error_log
/usr/local/apache/logs/access_log
/usr/local/apache/domlogs/sitename.com
/var/log/messages
/var/log/dmesg
/var/log/maillog
/var/log/exim*
* = All files starting with exim are important to view and monitor
/usr/local/apache/logs/*
* = All log files inside the above directory are important to view and monitor
/usr/local/cpanel/logs/*
* = All log files inside the above directory are important to view and monitor
Server Login/Access Logs
/var/log/secure
/var/log/logins_log
CPanel Logs
/usr/local/cpanel/logs/access_log

How do I view these logs?

Login to SSH as root, or as another user and su to root.
pico -w <log file path & name here>
Example: pico -w /var/log/maillog
To view the files inside the * directories you simply type.
cd <directory>
ls

View your logs in realtime

tail -f <complete_file_name>

How do I set these up to view with this hack?

[Trigunflame]

Just post a line from the log

/usr/local/apache/domlogs/ursite.com

And Ill make it work for you, although it should already.. to use the script itself, you just upload it to your admin directory and point your browser to it.

[dwh]

Doesn't raising your php limit potentially cause problems? You can have runaway processes? Has anyone had trouble with this?

Edit: I tried this out. It looks like a nice hack but I get permission denied. I turned off jailshell and can access the log from ssh, but it won't let me look at it from that apache_parse.php. Any ideas?

Using cpanel.

[BamaStangGuy]

/home/httpd/vhosts/mustangevolution.com/statistics/logs/access_log

Thats where mine are located... so what do I put in the file?

[cyt0plas]

Quote:

Originally Posted by dwh

Doesn't raising your php limit potentially cause problems? You can have runaway processes? Has anyone had trouble with this?

Edit: I tried this out. It looks like a nice hack but I get permission denied. I turned off jailshell and can access the log from ssh, but it won't let me look at it from that apache_parse.php. Any ideas?

Using cpanel.

I've never done much with cPanel, but it's probably an issue with php's safe_mode or something similar. In safe mode, a script cannot open a file owned by another user.

Find out what user owns the log files, and change the ownership of the php script to the same user.