I’m using CentOS with Cpanel, using Apache a may easily check IP connection to the server but with LiteSpeed I can’t see the IP connected to a specific domain.
May someone help me out?

Thanks

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hello, @babeji4764

If you want to monitor the incoming traffic for your sites, you can simply tail the access logs for each domain name. You can also tail the domlogs to monitor the whole incoming traffic on your server.

The directory is: /usr/local/apache/domlogs/username

This directory contains the log data for the user’s account, which exists on a webserver that runs EasyApache 3.

The system creates this directory when the cPanel Log Rotation Configuration (cpanellogd) daemon compresses and archives the data that resides in the /usr/local/apache/domlogs/domain-ssl_log and the /usr/local/apache/domlogs/domain files. This process begins when the /usr/local/cpanel/scripts/upcp script runs and the system analyzes the log data.

Note:

You can also perform this process for individual users with the /usr/local/cpanel/scripts/runweblogs command.

The system also performs the following actions:

Adds a link to the /usr/local/apache/domlogs/username directory in the /home/username/access_logs directory.
Adds a symlink to the log data backup file in the user’s /home/username/logs directory during the archive process. This symlink allows you to access this file while the system archives the file.
The symlink’s name reflects the log file’s name, and may contain a .bkup file extension.

Notes:

domain represents a domain on the cPanel account.
username represents the cPanel account's username.

Let me know if you have any questions.

Regards,
Alex

  • Thanks! is there from shell to see them in realtime basically had some attacks and could not track the attackers IP

    Thanks

    • Yes, as mentioned you can tail the logs and see the entries in real time. In order to do that you can use the following commands:

      tail -f /usr/local/apache/domlogs/username
      tail -f /home/username/access_logs/domain
      

      You can also use:

      tail -n 0 -f /usr/local/apache/domlogs/* 2>/dev/null | grep "POST\|GET\|HEAD"
      

      In this way you will see whole incoming traffic on your server.

      Let me know if you have any questions.

      Regards,
      Alex

Submit an Answer