Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Deleting log files

Discussion in 'General Discussion' started by panit, Oct 31, 2018.

  1. panit

    panit Active Member

    Joined:
    Aug 14, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Reseller Owner
    Is it OK to delete log files? The /usr/local/apache/logs/error_log is over 5 GB so reading it is difficult. The majority of errors are due to CloudLinux but I can't update until I get all accounts on the server changed to use the new MySQL naming schema.
     
  2. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,369
    Likes Received:
    153
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    You can, but you need to hard restart apache to actually get rid of it.

    You should look at service config-apache config-log rotation in whm and make sure its set to rotate the logs.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @panit,

    Can you confirm that error_log is selected in WHM >> Apache Configuration >> Log Rotation? If so, it should be rotated when it reaches the value configured for Log Rotation Size Threshold under the Stats and Logs tab in WHM >> Tweak Settings.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. panit

    panit Active Member

    Joined:
    Aug 14, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Reseller Owner
    I'm sorry but I made a mistake with which log it is. The one I mentioned is under 300 MB and is listed in the WHM settings so that is working correctly. The one I meant is /var/lib/mysql/my server.com.err. That's why I mentioned the mysql errors. Is there a setting that controls that log file?
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @panit,

    MySQL documents how to maintain the error log file at:

    MySQL :: MySQL 5.7 Reference Manual :: 5.4.2.6 Error Log File Flushing and Renaming

    Going forward, you can setup log rotation for MySQL by customizing the /etc/logrotate.d/mysql file:

    Code:
    # The log file name and location can be set in
    # /etc/my.cnf by setting the "log-error" option
    # in [mysqld]  section as follows:
    #
    # [mysqld]
    # log-error=/var/log/mysqld.log
    #
    # For the mysqladmin commands below to work, root account
    # password is required. Use mysql_config_editor(1) to store
    # authentication credentials in the encrypted login path file
    # ~/.mylogin.cnf
    #
    # Example usage:
    #
    #  mysql_config_editor set --login-path=client --user=root --host=localhost --password
    #
    # When these actions has been done, un-comment the following to
    # enable rotation of mysqld's log error.
    #
    
    #/var/log/mysqld.log {
    #        create 640 mysql mysql
    #        notifempty
    #        daily
    #        rotate 5
    #        missingok
    #        compress
    #    postrotate
    #       # just if mysqld is really running
    #       if test -x /usr/bin/mysqladmin && \
    #          /usr/bin/mysqladmin ping &>/dev/null
    #       then
    #          /usr/bin/mysqladmin flush-logs
    #       fi
    #    endscript
    #}

    Let me know if you have any additional questions.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. panit

    panit Active Member

    Joined:
    Aug 14, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Reseller Owner
    Thank you for that. It has been done and appears to be working. But the log file is only a day old has is already at 3 MB. It is mainly due to entries with "Access denied for user...". Does that mean the server denied access because the IP is in the firewalls deny file or that access was denied because they were trying to access a non-existent location? If it is the former, is there a way to stop that being recorded? It doesn't serve any useful purpose that I can see and will make finding real failure more difficult to see.
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @panit,

    That entry shouldn't relate to a firewall rule because a a firewall rule would prevent access to MySQL all together. Can you let us know the full line that's recorded in the MySQL error log as it pertains to "Access denied for user"?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. panit

    panit Active Member

    Joined:
    Aug 14, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Reseller Owner
    There are two forms of the messages. The first one, with that same IP, appears 790 times in the log for the last 24 hours. There are other entries of both types but with different IP's.

    2018-11-05 11:58:52 139637214775040 [Warning] Access denied for user 'mysqld'@'222.186.46.180' (using password: YES)
    2018-11-05 12:21:42 139637843568384 [Warning] Access denied for user 'root'@'142.252.248.76' (using password: NO)
     
  9. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @panit,

    Do you have the MySQL port (3306) restricted with firewall rules? If not, you may want to use a firewall management utility such as CSF to do so:

    ConfigServer Security & Firewall (csf)

    With the default CSF firewall rules, MySQL will still function for local connections, but you will need to whitelist IP addresses for users that connect to their databases from external servers.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. panit

    panit Active Member

    Joined:
    Aug 14, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Reseller Owner
    I apologize for the delay. The reason for this post was because I needed to find attacking IP's. They have continued and the server has hung many times as a result. So I've been busy blocking IP ranges and it seems to have stopped them, for now at least.

    CSF is installed but I have port 3306 open so it can be accessed from a program I use locally. There are also a few clients on the server that need such access. Since my IP, and those of the clients, are not static, I'm assuming there's no way to prevent these messages since the port is open. Is that correct.
     
  11. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,369
    Likes Received:
    153
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    Leaving port 3306 open in the firewall is almost certainly going to cause you problems, its not advisable.

    However, if you are seeing the attacks in the apache logs, then that would not be related to mysql port being open.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. panit

    panit Active Member

    Joined:
    Aug 14, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Reseller Owner
    How does one close the port while allowing access from external programs? Or is that not possible?

    If the errors are not related to that port, then how do I stop them?
     
  13. GOT

    GOT Get Proactive! PartnerNOC

    Joined:
    Apr 8, 2003
    Messages:
    1,369
    Likes Received:
    153
    Trophy Points:
    193
    Location:
    Chesapeake, VA
    cPanel Access Level:
    DataCenter Provider
    If you close it in the firewall then you would need to whitelist IPs, but with changing Ips that gets to be a hassle. Some software allows you to use an SSH tunnel and if yours does then you could go that route instead. I would suggest changing the port that SSH listens on so that does not get attacked as well.

    As for the attacks, you need to determine WHAT is being attacked first. You can do this by looking at the netstat output and seeing what ports are getting hammered.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. panit

    panit Active Member

    Joined:
    Aug 14, 2013
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Reseller Owner
    Thank you for the suggestions. I tried netstat but there is way too much displayed to try to figure out what is going on. I will just live with it. It is better than when I started this thread so that is good.

    It would be nice, in my opinion, if cpanel had an option to prevent the showing of the access denied messages. If they are just showing that the connection was blocked, they don't seem to serve any purpose at all.
     
  15. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,009
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @panit,

    When these users are making the remote connections to MySQL databases, are they first browsing to the Remote MySQL option in cPanel to grant remote access to their IP addresses? If so, you could develop a script that takes the IP address entered on this option and adds it to the CSF whitelist for port 3306. To do this, you'd create the custom script and configure it to run automatically via a hook every time a new IP address is authorized via the Remote MySQL option in cPanel:

    Guide to Standardized Hooks - Developer Documentation - cPanel Documentation

    The following location should be helpful if you are looking for a file to fetch the customer's IP address from in your custom bash script:

    Code:
    /var/cpanel/databases/grants_$username.yaml
    Here's the specific UAPI call you'd hook into at the post stage:

    Code:
    Cpanel::UAPI::Mysql::add_host
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice