Search in system log files with CSF

CSF has a lesser-known feature: Search System Logs. With this tool, you can search for specific text in the system logs.


Search System Logs with CSF:

1. Log into WHM/DirectAdmin with root/admin credentials.

2. Look for ConfigServer Security & Firewall.

3. On the main page of CSF click the Search System Logs button.

4. Select the log file you want to search. Enter the text you want to search for and click the Search button.


The CSF notes for this function:

Searches use /bin/grep (/usr/bin/zgrep if wildcard is used), so the search text/regex must be syntactically correct

Use the “-i” option to ignore case

Use the “-E” option to perform an extended regular expression search

Searching large log files can take a long time. This feature has a 30 second timeout

The searched for text will usually be highlighted but may not always be successful

Only log files listed in /etc/csf/csf.syslogs can be searched. You can add to this file

The wildcard option will use /usr/bin/zgrep and search logs with a wildcard suffix, e.g. /var/log/lfd.log*


You can add more files to the list the utility searches. All you need to do is add them to /etc/csf/csf.syslogs.

To check the available logs in /etc/csf/csf.syslogs, use:

# cat  /etc/csf/csf.syslogs
root@web [~]# cat  /etc/csf/csf.syslogs
###############################################################################
# Copyright 2006-2015, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The following is a list of log files for the UI System Log Watch and Search
# features. IF they exists they will apear in the drop-down lists
#
# File globbing is supported for logs listed below

# All:
/var/log/cron
/var/log/cxswatch.log
/var/log/lfd.log
/var/log/maillog
/var/log/messages
/var/log/rkhunter.log
/var/log/secure

# Apache:
/usr/local/apache/logs/apache_log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/suexec
/usr/local/apache/logs/suphp_log
/usr/local/apache/logs/modsec_audit.log
/var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/httpd/suexec
/var/log/httpd/suphp_log
/var/log/httpd/modsec_audit.log

# Nginx:
/var/log/nginx/error_log

# Webmin:
/var/webmin/miniserv.error
/var/webmin/miniserv.log
/var/webmin/webmin.log

# Exim:
/var/log/exim/mainlog
/var/log/exim/paniclog
/var/log/exim/rejectlog
/var/log/exim4/mainlog
/var/log/exim4/paniclog
/var/log/exim4/rejectlog
/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog

# Debian/Ubuntu:
/var/log/auth.log
/var/log/daemon.log
/var/log/debug
/var/log/kern.log
/var/log/mysql.err
/var/log/mysql.log
/var/log/syslog
/var/log/user.log

# cPanel:
/usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/error_log
/usr/local/cpanel/logs/stats_log
/var/log/chkservd.log

# DirectAdmin:
/var/log/directadmin/error.log
/var/log/directadmin/errortaskq.log
/var/log/directadmin/security.log
/var/log/directadmin/system.log
root@web [~]#

You can also search these logs from the command line.
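
A command-line equivalent of the UI search, as an added example that is not CSF's own code: it searches only files listed in csf.syslogs, uses grep or (for the wildcard option) zgrep, and applies the 30 second limit from the notes above. The function names (list_csf_logs, run_limited, csf_log_search) and the plain|wildcard argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not CSF code): search only the logs listed in csf.syslogs.

# list_csf_logs LISTFILE [wildcard]
# Print every existing file named in LISTFILE, skipping comments and blank
# lines and expanding globs. "wildcard" appends "*" to each entry, as the UI
# option does (e.g. /var/log/lfd.log*), to include rotated/compressed copies.
# Assumes entries contain no whitespace.
list_csf_logs() {
    lcl_suffix=
    if [ "${2:-}" = wildcard ]; then lcl_suffix='*'; fi
    while IFS= read -r lcl_entry; do
        case $lcl_entry in ''|'#'*) continue ;; esac
        for lcl_file in $lcl_entry$lcl_suffix; do   # unquoted: glob expansion
            if [ -f "$lcl_file" ]; then printf '%s\n' "$lcl_file"; fi
        done
    done < "$1"
}

# run_limited CMD...: apply the 30 second limit when timeout(1) is available.
run_limited() {
    if command -v timeout >/dev/null 2>&1; then timeout 30 "$@"; else "$@"; fi
}

# csf_log_search LISTFILE plain|wildcard PATTERN [grep options, e.g. -i -E]
# plain uses grep; wildcard uses zgrep on LOG* so .gz rotations are read too.
# -e and -- keep a pattern or path starting with "-" from being read as an
# option. Matches are printed as "file:line".
csf_log_search() {
    cls_list=$1 cls_mode=$2 cls_pattern=$3
    shift 3
    cls_tool=grep
    if [ "$cls_mode" = wildcard ]; then cls_tool=zgrep; fi
    list_csf_logs "$cls_list" "$cls_mode" | while IFS= read -r cls_file; do
        run_limited "$cls_tool" -H "$@" -e "$cls_pattern" -- "$cls_file" || true
    done
}

# Usage on a CSF host (list path taken from the page):
#   csf_log_search /etc/csf/csf.syslogs plain 'error' -i
#   csf_log_search /etc/csf/csf.syslogs wildcard 'error|warn' -E
if [ "$#" -ge 3 ]; then csf_log_search "$@"; fi
```

Because the file list comes from csf.syslogs, a log that is not listed there is never opened, which matches the restriction the UI applies.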
