Script to grep through all servers logs?

Discussion in 'General Discussion' started by noimad1, Apr 2, 2009.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    16
    I would like to know if anyone has any ideas how I might be able to accomplish this:

    I'd like to have a script I can install on all of my servers that I can pass a variable to from a single source (like a secure web page). I would like to create one single website that can invoke this script on all servers to search my messages log.

    So it would work like this:

    I go to my secure web page and do a search for an IP address. That page goes to each of my servers and greps my messages log for that IP address.

    This would be extremely helpful to me to hunt down these iframe type hacks where they are logging in with users' passwords across all servers.

    So basically if I find an IP address that is attacking I can quickly look through my other servers to see if it has attacked any of my other servers as well.

    Do you think this would be possible?
     
  2. noimad1

    Anyone have any ideas on how this could be accomplished?
     
  3. PlatinumServerM

    PlatinumServerM Well-Known Member
    PartnerNOC

    Joined:
    Jul 10, 2005
    Messages:
    397
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    New Jersey, USA
    cPanel Access Level:
    Root Administrator
  4. noimad1

    What I'm looking to do is do this dynamically. I'd like to be able to create like a form behind a protected location that I can type in something like an IP address, and it will grep through multiple servers' messages log to find it....

    That way when, let's say, one of my servers gets attacked by like this iframe attack, I can see which IP address it is from, grep through all my servers to see if any other sites were attacked. Right now I have to log into each individual server to grep the logs.
     
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    What you ask is actually fairly simple to do. I'm not sure of your exact configuration,
    but if your servers can communicate directly, you can just run an rsync or rcp command
    from a script to get the log files from all servers updated in a common location and then
    run greps through them all at once. This could even be updated on a cron basis too.

    Personally I take things a step beyond that myself and make all the servers
    I deal with a bit self-aware and automatically shut down any attack themselves
    and report to me when anything significant shows up so the attacks are
    already blocked even before I review all the log files routinely.
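
An added example, not written by anyone in this thread, of the grep step over logs that were first collected in one place as suggested in the post above. The per-server directory layout, the host name in the comment, the function names and the sample log lines are all assumptions constructed for illustration; the script validates the search term (it may come from a web form) and anchors the match so that 10.0.0.1 does not also match 10.0.0.10.

```shell
#!/bin/sh
# Assumed (hypothetical) layout: cron has already copied each server's log to
#   $LOGROOT/<server>/messages, e.g.
#   rsync -az server1.example.com:/var/log/messages "$LOGROOT/server1/messages"

# Accept only a dotted-quad IPv4 address; the term may arrive from a web form.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print "server:line" for each log line that mentions exactly this address.
search_logs() {
    ip=$1; root=$2
    valid_ipv4 "$ip" || { echo "rejected search term" >&2; return 2; }
    # Escape the dots and forbid address characters on either side, so that
    # 10.0.0.1 does not also hit 10.0.0.10 or 110.0.0.1; a trailing "." is allowed.
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    pattern="(^|[^0-9.])${esc}([^0-9.]|\\.([^0-9]|\$)|\$)"
    for log in "$root"/*/messages; do
        [ -f "$log" ] || continue
        server=$(basename "$(dirname "$log")")
        grep -E -- "$pattern" "$log" | while IFS= read -r line; do
            printf '%s:%s\n' "$server" "$line"
        done
    done
}

# Constructed sample data standing in for the collected logs.
make_sample_logs() {
    mkdir -p "$1/server1" "$1/server2"
    cat > "$1/server1/messages" <<'EOF'
Apr  2 10:01:07 server1 pure-ftpd: (?@10.0.0.1) [INFO] demo is now logged in
Apr  2 10:05:44 server1 pure-ftpd: (?@10.0.0.10) [INFO] alice is now logged in
EOF
    cat > "$1/server2/messages" <<'EOF'
Apr  2 10:02:31 server2 pure-ftpd: (?@110.0.0.1) [INFO] bob is now logged in
Apr  2 10:09:12 server2 kernel: firewall dropped packet from 10.0.0.1.
EOF
}

demo=$(mktemp -d) && make_sample_logs "$demo" && search_logs 10.0.0.1 "$demo"
rm -rf "$demo"
```

A plain `grep 10.0.0.1` would return all four sample lines, because each dot matches any character and nothing stops the match from continuing into a longer address.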
     
  6. noimad1

    I guess I never thought about rsyncing all the logs to a general location. It's not quite as efficient as what I was originally thinking, but I could probably get that to work.
     