Litespeed and IP connections

November 15, 2019
Apache Linux Commands

I’m using CentOS with cPanel. Using Apache I may easily check IP connections to the server, but with LiteSpeed I can’t see the IPs connected to a specific domain.
May someone help me out?

Thanks

1 comment
  • Hi @babeji4764 ,

    Could you share more information about where I can see this IP-connection-per-domain tool with cPanel?
    Is it from WHM control panel or SSH console?

    Best,
    Eric

1 Answer

Hello, @babeji4764

If you want to monitor the incoming traffic for your sites, you can simply tail the access logs for each domain name. You can also tail the domlogs to monitor all incoming traffic on your server.

The directory is: /usr/local/apache/domlogs/username

This directory contains the log data for the user’s account, which exists on a webserver that runs EasyApache 3.

The system creates this directory when the cPanel Log Rotation Configuration (cpanellogd) daemon compresses and archives the data that resides in the /usr/local/apache/domlogs/domain-ssl_log and the /usr/local/apache/domlogs/domain files. This process begins when the /usr/local/cpanel/scripts/upcp script runs and the system analyzes the log data.

Note:

You can also perform this process for individual users with the /usr/local/cpanel/scripts/runweblogs command.

The system also performs the following actions:

Adds a link to the /usr/local/apache/domlogs/username directory in the /home/username/access_logs directory.
Adds a symlink to the log data backup file in the user’s /home/username/logs directory during the archive process. This symlink allows you to access this file while the system archives the file.
The symlink’s name reflects the log file’s name, and may contain a .bkup file extension.

Notes:

domain represents a domain on the cPanel account.
username represents the cPanel account's username.

Let me know if you have any questions.

Regards,
Alex

  • Thanks! Is there a way from the shell to see them in real time? Basically, I had some attacks and could not track the attackers' IP.

    Thanks

    • Yes, as mentioned you can tail the logs and see the entries in real time. In order to do that you can use the following commands:

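      # "domain" and "username" are placeholders for the site and the cPanel account.
      # /usr/local/apache/domlogs/username is a directory, so follow the per-domain file.
      tail -f /usr/local/apache/domlogs/domain
      tail -f /home/username/access_logs/domain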
      

      You can also use:

      tail -n 0 -f /usr/local/apache/domlogs/* 2>/dev/null | grep "POST\|GET\|HEAD"
      

      In this way you will see all incoming traffic on your server.

      Let me know if you have any questions.

      Regards,
      Alex
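
To go from watching the logs scroll to a ranked list of source IPs per domain, the sketch below is an added example and not part of the original thread. It assumes the domlogs use Apache's combined log format (client IP in field 1, quoted method in field 6); the function names `top_ips`, `report_all` and `sample_log` and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): rank client IPs in cPanel domlogs.
# Assumes Apache "combined" log lines: IP is field 1, "METHOD is field 6.

# top_ips FILE [N]: print "hits posts ip" for the N busiest client IPs.
top_ips() {
    local file="$1" n="${2:-10}"
    awk '
        $6 ~ /^"(GET|POST|HEAD)$/ {
            hits[$1]++
            if ($6 == "\"POST") posts[$1]++
        }
        END { for (ip in hits) printf "%d %d %s\n", hits[ip], posts[ip] + 0, ip }
    ' "$file" | sort -k1,1nr -k3,3 | head -n "$n"
}

# report_all DIR [N]: run top_ips over every regular file in DIR (one per domain).
report_all() {
    local dir="$1" n="${2:-5}" f out
    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # skip per-user subdirectories
        out=$(top_ips "$f" "$n")
        [ -n "$out" ] && printf '== %s\n%s\n' "${f##*/}" "$out"
    done
    return 0
}

# Constructed sample lines (documentation IP ranges), not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [15/Nov/2019:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "curl/7.29.0"
203.0.113.7 - - [15/Nov/2019:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "curl/7.29.0"
203.0.113.7 - - [15/Nov/2019:10:00:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "curl/7.29.0"
198.51.100.4 - - [15/Nov/2019:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [15/Nov/2019:10:00:05 +0000] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.10 - - [15/Nov/2019:10:00:06 +0000] "GET /a.css HTTP/1.1" 200 300 "-" "Mozilla/5.0"
EOF
}

# Usage on the server: report_all /usr/local/apache/domlogs 10
```

Each output line is total requests, POST requests, then the client IP, so an address with a high POST count against one domain stands out immediately.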
