Logs real time & interacting with log security scanners

jeffschips

Hello.

I had a great cPanel technical support interaction today (I've never met a better and more professional group of folks than the tech support people at cPanel) where a technician showed me how to implement one single log file that can be tailed in real time for immediate response by a scanner like csf.

My question is this: I'd now like to do away with the separate log files that are created for all the different virtual domains since it will be redundant to have one big real-time file and other log files trying to catch up all the time.

It's been my experience that the standard cPanel install creates log files for each virtual domain and they are not written to in real time. For example, if I tail my /var/logs/apache/error_log files, sometimes events don't show up for many minutes after an event has transpired. Setting up one file to capture all interactions in real time means I don't have to pick through all the different files to track down an event, examine it and take corrective action, something that csf, for example, is equipped to do but does so only after some minutes of logging now.

Do the participants here see any harm in removing the individual virtual host files and just working with one larger log file? Naturally, I would set the log rotation to something that makes sense.

CORRECTION: The error_log is real time in the standard cPanel install; it's the other virtual hosts' access_log that is delayed, and oftentimes I need to have csf respond to entries in access_log, not error_log, and respond in real time, not with delays.
 

SamuelM

Technical Analyst Team Lead
Hello @jeffschips,

Thank you for contacting cPanel!

There is normally no delay in logging to the Apache access logs and error log. These log files should be populated immediately in response to activity in Apache. If you are observing delays in the log files, you are welcome to submit a new ticket so we can investigate that for you.

As for eliminating per-domain logging for Apache access logs and using one large log file instead, this would not cause any harm, but it would cause some features of cPanel to stop working. For example, statistics such as AWStats receive data from the Apache access logs for reporting. Personally, I find it easier to maintain separate logs for separate domain names for readability, as well as for facilitating access for each individual cPanel user to their own logs. However, that is my opinion, and if you prefer a different configuration you are certainly free to use it!

Please let us know if you have any questions.