1. B

    Cloudflare shows user real IP in my site but not in the logs (CF IPs getting blocked by mod_qos)

    Hello, I have fixed users real IP by help of cpanel and this link: https://support.cpanel.net/hc/en-us/articles/360051107513-Restoring-visitors-IP-with-mod-remoteip But the problem is now that in the logs it still shows cloudflare IPs and when an attack happens mod_qos or evasive blocks...
  2. N

    Clamav Error In Logs

    Hey everyone, received this error the last 3 days but before that all worked fine. Any ideas why this is happening? Server details: Centos 7.9 2009 Standard cPanel Version 104.0 (build 7) Apache Version 2.4.54 PHP Version 7.4.30 MySQL Version 5.7.39 Architecture x86_64...
  3. A

    cPanel metrics error logs taking 2 minutes or more

    Hey All, Since the latest update we've received complaints that Metrics/Errors is taking forever to load. Minutes sometimes and there is barley anything there. All other metrics load fast with no issue. Anyone come accross this? Thanks
  4. schoeps

    Log rotation of User logs (/home/username/logs)

    Is there an easy way to set the cap for these log files or just delete them en masse? It's unreasonable to deal with a logfile over a few megs and from time to time, users are hitting their disk cap because of these unruly logs.
  5. Spirogg

    easyapache 30 update seeing some errors?

    [2022-03-30 22:14:35 -0500] info [xml-api] Upgrading : ea-php80-php-fpm-8.0.17-1.2.3.cpanel.x86_64 41/218 [2022-03-30 22:14:35 -0500] info [xml-api] Running scriptlet: ea-php80-php-fpm-8.0.17-1.2.3.cpanel.x86_64 41/218 [2022-03-30 22:14:35 -0500] info [xml-api]...
  6. Spirogg

    In Progress CPANEL-40251 - While using Ubuntu a cPanel email shows wrong logs to search for

    Hello sorry I do t k ow how to word this any better. I have been testing Ubuntu and cPanel 102.08 more today. I got an error email and it says this below Log Messages The system could not provide log messages for “nginx” because it failed to read all of the potential log files with the...
  7. Spirogg

    SOLVED CPANEL-40250 - Change Logs are still showing 102.06 after upgrading to 102.07

    @cPRex @cPanelAdamF Whom ever is responsible for added change logs to cPanel they forgot to add 102.07 they are only showing v102.06 even though we upgraded and are on 102.07 and 102.08 still shows change log for 102.06 only in cPanel so maybe they forgot to add but its not showing latest...
  8. A

    Server IP showsing up in acess logs

    I noticed recently (since we had an attack on a website) that all of the logs on the server show up as the server's IP is the visitor. It's the same if I check WordFence on WordPress sites, visitors in cPanel of the sites, and logs straight on the server. I don't have this issue on other...
  9. Y

    In Progress ZC-9660 - Apache HTTPS access logs cannot correctly logged to ssl_log file after NGINX installed

    Hello, I recently installed NGINX reserve proxy on my server, and found that both Apache HTTP&HTTPS access are logged to the same file: /var/log/apache2/domlogs/<DOMAIN> I then manually change sslport argument in http.conf from port 444 to port 443, ie: CustomLog...
  10. H

    Accounts Terminated logs

    I need to find out the account terminated logs of a particular reseller child accounts from the last two months. is it available from accounting.log???
  11. J

    SOLVED mod_security logs HUGE and Failed to access DBM file entries

    Hello. I hope everyone is safe and healthy and taking care of themselves and their loved ones. In my /var/log/apache/error_log file as of today the beginning entry is May 18, 2021. When I search for information about trimming this file (if it's okay to do so) I see reports that there should...
  12. N

    Question Regarding Apache Access Logs

    Hello, I am concerned by some logs I have seen lately and need some clarification as to what they mean? Here is one of them: - - [23/Dec/2021:15:36:33 -0800] "GET http://www.soso.com/ HTTP/1.1" 200 163 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)...
  13. J

    Meaning of (root) LIST (root) entry in cron logs

    Hello. Anyone know of the meaning of a cron log entry: Dec 15 22:31:00 xxxxx crontab[6034]: (root) LIST (root)
  14. durangod

    Displaying Error Log in DESC order

    Hi, is there a way to set the server error_log file for the domains so that is shows in DESC order. I know the server appends to whatever is there, can that be changed?
  15. J

    SOLVED mod_sec conficting information in logs Failed to access DBM

    Hello. I hope everyone is safe and healthy. I've been having an issue with conflicting log information. When ruid is ON I am recieving the following conflict between two logs and despite the bad error in apache error logs users are reportin a mix of pages loading and some report pages don't...
  16. H

    Location of Logs

    From which location i will get the following log details. - root [07/08/2021:11:52:03 -0000] "GET /cpsess4565082798/scripts12/terminal HTTP/1.1" 200 0 "https://server.myhosting.com:2087/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)...
  17. S

    Reading the Imunify logs

    Hello, Im trying to make a comand line here either with grep grep domainname /var/log/imunify360/console.log or using something like imunify360-agent get but I cant get around it. Thing is data in the /var/log/imunify360/console.log file is not really user friendly and I'd like to extract there...
  18. S

    Turn off apache logs per domain?

    I have a bunch of domains as usual. can I turn off logging for any of them individually? So domain??? won't get log files anymore at these locations? I'm using the latest cPanel/WHM v94.0.11. eg. /apps/apache/logs/domlogs/someuser/domain??? and /home/someuser/access-logs/domain???
  19. P

    How to find hackers access point

    One of the accounts on the server had a file changed by a hacker. I was able to find the hackers IP in the access log. The entry in the log indicated the change was made via cpanels file manager so I searched the logs to see if I could find how that IP logged in. The only thing I could find for...
  20. J

    modsec_audit always empty

    Hello. In my attempt to track down a malicious IP address attacking the server I've been looking at logs. Not only cannot I not find the malicious IP address in any logs which I know was attacking because a different service has logged it in it's application and it shows in that database -...