Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

Apache Logs

Show Configs to find logs

apache2ctl -S

Configuration Files

cat /etc/apache2/apache2.conf
cat /etc/apache2/sites-available/bleh.conf

Default Error/Access Logs

tail -f /var/log/apache/access.log | egrep x.x.x.x
tail -f /var/log/apache/error.log  | egrep "warn|fail|error|denied|deny|reject|problem|forbid"

check configuration for specific domain logs if not combined and use the same methods, for example:

tail -f /var/www/logs/grimoire.somesite.com.access.log | egrep x.x.x.x
tail -f /var/www/logs/grimoire.somesite.com.error.log | egrep "warn|fail|error|denied|deny|reject|problem|forbid"

Example:

(1:2321)# tail -f /var/www/logs/grimoire.somesite.com.error.log | egrep "warn|fail|error|denied|deny|reject|problem|forbid"
[Fri Aug 11 17:02:24.389211 2023] [core:crit] [pid 529] (13)Permission denied: [client 47.186.73.182:2842] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/
[Fri Aug 11 17:02:24.389274 2023] [core:crit] [pid 31027] (13)Permission denied: [client 47.186.73.182:2843] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/
[Fri Aug 11 17:03:02.942562 2023] [core:crit] [pid 3755] (13)Permission denied: [client 47.186.73.182:2862] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/
[Fri Aug 11 17:03:02.957062 2023] [core:crit] [pid 529] (13)Permission denied: [client 47.186.73.182:2863] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/
[Fri Aug 11 17:03:02.988436 2023] [core:crit] [pid 3755] (13)Permission denied: [client 47.186.73.182:2862] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/
[Fri Aug 11 17:03:02.999763 2023] [core:crit] [pid 31027] (13)Permission denied: [client 47.186.73.182:2865] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/
[Fri Aug 11 17:04:24.098473 2023] [core:crit] [pid 32416] (13)Permission denied: [client 47.186.73.182:25019] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable
[Sun Aug 13 18:10:58.095314 2023] [autoindex:error] [pid 13716] [client 47.186.73.182:2521] AH01276: Cannot serve directory /var/www/html/grimoire.somesite.com/assets/css/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
[Sun Aug 13 20:31:30.176352 2023] [core:crit] [pid 19996] (13)Permission denied: [client 47.186.73.182:19142] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/
[Sun Aug 13 20:31:32.244018 2023] [core:crit] [pid 19996] (13)Permission denied: [client 47.186.73.182:19142] AH00529: /var/www/html/grimoire.somesite.com/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/html/grimoire.somesite.com/' is executable, referer: http://grimoire.somesite.com:4000/

Searching Traffic

most common hit:

cat access.log |awk '{print $1}' | sort | uniq -c |sort -n

limit most common hit to last 10000 lines of log

tail n -10000 access.log |awk '{print $1}' | sort | uniq -c |sort -n

Example to see the top 20 of the last 10000 entries, by IP.

(1:2320)# tail -n 10000 /var/www/logs/somesite.com.access.log |awk '{print $1}' | sort | uniq -c |sort -n | tail -n 20
     40 37.59.21.100
     50 66.249.69.232
     53 163.172.67.65
     53 66.249.69.230
     53 66.249.69.231
     62 108.200.219.101
     64 85.209.176.30
     65 172.174.85.224
     66 34.106.175.155
     76 92.247.181.12
     84 162.243.46.68
     93 74.235.222.127
    115 216.244.66.232
    117 5.199.136.71
    119 172.178.11.94
    196 34.78.96.62
    645 38.126.157.48
    954 59.36.172.206
   1801 216.245.221.89
   2012 181.214.39.235