SOLVED Best method to track down offending ip address?

jeffschips

Well-Known Member
Jun 5, 2016
210
22
68
new york
cPanel Access Level
Root Administrator
Hello.

I hope everyone is doing well and is safe and healthy.

I'm having difficulty tracking down the "track record" of an offending IP address in cPanel logs. The offending IP address is reported in a Mautic installation over a period of hours from yesterday evening.

I can't find any reference to this IP address in any logs across the server and I'm pretty certain there may be some files somewhere where the details of the interaction exist.

/var/log/apache2/ and all its subdirectories have no recollection of the IP address.
/usr/local/cpanel/logs/ and its subdirectories recall nothing.
/var/log and its files just tell me to get lost. . .

Is there a preferred method to search ALL cPanel logs across the entire bare metal for a specific IP address?

Thanks.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,418
1,000
313
cPanel Access Level
Root Administrator
Hey there! Can you get me more details with what you mean by "offending" IP address? If you can be more specific about the disruption the IP is causing that would let us get you better details.

Since the logs are scattered across the server based on the service they represent, there isn't one command or method to search them all at once.
 

jeffschips

Hi!
I'm checking with the developers of the software to find out which system log files their reporting pulls the IP address from. Will update as soon as I hear.

Thanks.
 

jeffschips

SOLVED:

The data I needed was contained in archived logs accessible via cPanel archived logs.

For some reason I can never find those compressed files via command line and always need to revert to cPanel interface for archived logs. . .

Here is how to grep compressed files from command line:

zgrep "ip-address-searching-for" *.gz
for all occurrences of a specific IP address against all log files

All is good.
 
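The zgrep approach from the last post, extended as an added example (not code from the thread or from cPanel) to search the plain and the compressed files under whatever directories you name, and to match the address exactly so that 203.0.113.7 does not also hit 203.0.113.70. The function names, sample log lines and file names are constructed for illustration, and the code assumes GNU gzip's zgrep, which reads uncompressed files unchanged.

```shell
#!/bin/sh
# Added example, not from the thread. Log lines and file names are constructed.

# find_ip_in_logs IP DIR...
# Prints "file:matching line" for plain and .gz files alike.
# Returns 0 on hits, 1 on no hits, 2 if IP is not a dotted-quad IPv4 address.
find_ip_in_logs() {
    ip=$1; shift
    # Accept digits and dots only, so the argument cannot carry regex syntax.
    printf '%s' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    # Escape the dots and forbid a digit on either side of the address.
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    pattern="(^|[^0-9])${esc}([^0-9]|\$)"
    # Assumption: GNU gzip's zgrep, which passes uncompressed files through as-is.
    hits=$(find "$@" -type f -exec zgrep -E -H "$pattern" {} + 2>/dev/null) || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Builds a throwaway directory holding one live log and one archived .gz log.
make_sample_logs() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '203.0.113.70 - - [29/Dec/2023:10:00:00 +0000] "GET / HTTP/1.1" 200 512' \
        '203.0.113.7 - - [29/Dec/2023:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 734' \
        > "$d/access_log"
    printf '%s\n' \
        '198.51.100.9 - - [28/Dec/2023:23:14:02 +0000] "GET / HTTP/1.1" 200 512' \
        '203.0.113.7 - - [28/Dec/2023:23:15:40 +0000] "POST /index.php HTTP/1.1" 200 88' \
        | gzip -c > "$d/access_log-archived.gz"
    printf '%s\n' "$d"
}

# Demo: one hit in the live log, one in the archive, none for 203.0.113.70.
demo_dir=$(make_sample_logs)
find_ip_in_logs 203.0.113.7 "$demo_dir" || echo "no hits"
rm -rf "$demo_dir"
```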