Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Script to grep through all servers logs?

Discussion in 'General Discussion' started by noimad1, Apr 2, 2009.

  1. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    166
    I would like to know if anyone has any ideas how I might be able to accomplish this:

    I'd like to have a script I can install on all of my servers that I can pass a variable to from a single source (like a secure web page). I would like to create one single website that can evoke this script on all servers to search my messages log.

    So it would work like this:

    I go to my secure web page and do a search an IP address. That page goes to each of my servers and grep's my messages log for that IP address.

    This would be extremely helpful to me to hunt down these iframe type hacks were they are logging in with users passwords across all servers.

    So basically if I find an IP address that is attacking I can quickly look through my other servers to see if it has attacked any of my other servers as well.

    Do you think this would be possible?
     
    #1 noimad1, Apr 2, 2009
  2. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    166
    Anyone have any ideas on how this could be accomplished?
     
    #2 noimad1, Jun 5, 2009
  3. PlatinumServerM

    PlatinumServerM Well-Known Member
    PartnerNOC

    Joined:
    Jul 10, 2005
    Messages:
    400
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    New Jersey, USA
    cPanel Access Level:
    Root Administrator
    You can make a simple script to just run the grep command and output the results to a text file.
     
    #3 PlatinumServerM, Jun 9, 2009
  4. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    166
    What I'm looking to do is do this dynamically. I'd like to be able to create like a form behind a protected location that I can type in something like an IP address, and it will grep through multiple servers messages log to find it....

    That way when lets say one of my servers get's attacked by like this iframe attack, I can see which IP address it is from, grep through all my servers to see if any other sites were attacked. Right now i have to log into each individual server to grep the logs.
     
    #4 noimad1, Jun 9, 2009
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    8
    Trophy Points:
    193
    What you ask is actually fairly simple to do. I'm not sure your exact configuration
    but if your servers can communicate directly, you can just run a rsync or rcp command
    from script to get the log files from all servers updated in a common location and then
    run greps through them all at once. This could even be updated on a cron basis too.

    Personally I take things a step beyond that myself and make all the servers
    I deal with a bit self aware and automatically shutdown any attack themselves
    and report to me when anything significant shows up so the attacks are
    already blocked even before I review all the log files routinely.
     
    #5 Spiral, Jun 11, 2009
  6. noimad1

    noimad1 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    627
    Likes Received:
    0
    Trophy Points:
    166
    I guess i never thought about rsyncing all the logs to a general location. It's not quite as efficient as what I was originally thinking, but I could probably get that to work.
     
    #6 noimad1, Jun 15, 2009
(You must log in or sign up to post here.)
Loading...
Similar Threads - Script grep through
  1. Ishware

    BASH script: Get username or domain given one or the other

    Ishware, Apr 19, 2018 at 11:05 AM, in forum: cPanel Developers
    Replies:
    2
    Views:
    55
    cPanelMichael
    Apr 19, 2018 at 1:53 PM
  2. Bashed

    Malicious Spam Scripts

    Bashed, Apr 10, 2018, in forum: Security
    Replies:
    2
    Views:
    72
    cPanelMichael
    Apr 11, 2018
  3. MattGarner

    Perl script not creating file

    MattGarner, Apr 4, 2018, in forum: General Discussion
    Replies:
    5
    Views:
    85
    cPanelMichael
    Apr 6, 2018
  4. mariusfv

    cPanel update error - “/usr/local/cpanel/scripts/migrate_local_ini_to_ph p_ini”

    mariusfv, Mar 29, 2018, in forum: EasyApache
    Replies:
    7
    Views:
    195
    cPanelMichael
    Apr 9, 2018
  5. ema_eltuti

    Bash script get user info

    ema_eltuti, Mar 26, 2018, in forum: cPanel Developers
    Replies:
    3
    Views:
    81
    cPanelMichael
    Mar 26, 2018

Share This Page