SOLVED Best method to track down offending ip address?

[jeffschips]

Hello.

I hope everyone is doing well and is safe and healthy.

I'm having difficulty tracking down the "track record" of an offending ip address in cpanel logs. The offending ip address is reported in a mautic installation over a period of hours from yesterday evening.

I can't find any reference to this ip address in any logs across the server and I'm pretty certain there may be some files somewhere where the details of the interaction exist.

/var/log/apache2/ and all it's subdirectories have no recollection of the ip address.
/usr/local/cpanel/logs/ and it's subdirectories recalls nothing.
/var/log and its files just tells me to get lost. . .

Is there a preferred method to search ALL cpanel logs across the entire bare metal for a specific IP address?

Thanks.

 

[cPRex]

Hey there! Can you get me more details with what you mean by "offending" IP address? If you can be more specific about the disruption the IP is causing that would let us get you better details.

Since the logs are scattered across the server based on the service they represent, there isn't one command or method to search them all at once.

 

[jeffschips]

Hi!
I'm checking with the developers of the software to find out from which system log files their reporting pulls the IP address from. Will update as soon as I hear.

Thanks.

 

[jeffschips]

SOLVED:

The data I needed was contained in archived logs accessible via cpanel archived logs.

For some reason I can never find those compressed files via command line and always need to revert to cpanel interface for archived logs. . .

Here is how to grep compressed files from command line:

zgrep "ip-address-searching-for" *.gz
for all occurrences of a specific ip address against all log files

All is good.

 

[cPRex]

Glad you got the details you needed!