soltek Posted March 18, 2011

Hey there, my website got hacked today and I really need to check the apache access log to see who is responsible for that. The thing is the log is 54GB long xD It'd take a lot of time to download that and even worse, my computer would crash trying to open the file.

I've already downloaded just 400MB, hoping the first lines of the document would be the records from the last hours, but they're from August 2010! Do you have any clue? Like a perl script or something like that, that allows me to grab only the last 1000 lines or something like that.

Thank you
requinix Posted March 18, 2011

> The thing is the log is 54GB long xD It'd take a lot of time to download that and even worse, my computer would crash trying to open the file.

lern2logrotate

> I've already downloaded just 400MB, hoping the first lines of the document would be the records from the last hours, but they're from August 2010! Do you have any clue? Like a perl script or something like that, that allows me to grab only the last 1000 lines or something like that. Thank you

The stuff you want will be near the end. That means you have to download (download? really? no ssh?) all 54GB of it. Unix has the `tail` program which spits out the last X lines of a file. There's also `grep` to search through it.
Maq Posted March 18, 2011

soltek, do not double post. I'm deleting your other thread and here was my reply:

There's probably a proper way to do this but if you have ssh access then you could tail the last 1k lines or cat it out.
soltek (Author) Posted March 18, 2011

Thanks for the answer and I'm sorry for the double post, mate.

I tried the tail command and it gave me the last 1k lines I asked for. Though, the window has like a fixed height thingy going on and the first lines get replaced by the last ones. I got hacked 13 hours ago and I just shut down apache a couple of hours ago and I got a lot of traffic. The data I want (the visitors @ 13 hours ago +-) at the moment are not the ones at the end of the log. They're some thousands of lines above.

Is there anything I can do so Putty gives me the whole last thousands of lines? It'd kick ass if I could export those thousands of lines to a *.txt or something like that.

Thank you again

EDIT: another option could be deleting the first thousands of lines of the log, so I could download the whole thing. Is there any ssh command to do that?
Pikachu2000 Posted March 18, 2011

Create a tail.txt file in the same directory as the log, then use this. You'll probably need to send a break sequence (ctrl-C) to end it, since it never seems to 'finish' on its own.

    tail -f -n[number_of_lines_desired] [name_of_log_file] | tee tail.txt

So it'll end up looking something like:

    tail -f -n10000 apache.log | tee tail.txt
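An added example, not part of any post in this thread: one way to get the window soltek describes (entries around a known time that are no longer the last lines) without reading the whole file. It reads only the last N bytes of the log and keeps the lines whose timestamp falls in the window. The function names and the sample lines are constructed for illustration; it assumes Apache common/combined log format and a single timezone offset throughout the log.

```bash
# Added example (not from the thread). Assumes Apache common/combined log
# format and that every line uses the same timezone offset.
# Usage: extract_window LOG START END [TAIL_BYTES] > window.txt
#   START and END use the log's own format, e.g. 18/Mar/2011:02:00:00
extract_window() {
    ew_log=$1; ew_bytes=${4:-1073741824}          # default: last 1 GiB
    ew_size=$(( $(wc -c < "$ew_log") ))
    if [ "$ew_size" -gt "$ew_bytes" ]; then
        # tail -c seeks to the end instead of reading the whole file; the
        # chunk usually starts mid-line, so drop its first (partial) line.
        tail -c "$ew_bytes" "$ew_log" | sed 1d
    else
        cat "$ew_log"
    fi | awk -v from="$2" -v to="$3" '
        # dd/Mon/yyyy:HH:MM:SS -> yyyymmddHHMMSS, so string order is time order
        function key(ts,    p, m) {
            split(ts, p, "[/:]")
            m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", p[2]) + 2) / 3
            return p[3] sprintf("%02d", m) p[1] p[4] p[5] p[6]
        }
        BEGIN { lo = key(from); hi = key(to) }
        {
            i = index($0, "[")                    # timestamp follows the first "["
            if (i == 0) next
            k = key(substr($0, i + 1, 20))
            if (k >= lo && k <= hi) print
        }'
}

# Constructed sample log (documentation IP ranges) for trying the function.
make_sample_log() {
    ew_tmp=$(mktemp)
    cat > "$ew_tmp" <<'EOF'
192.0.2.10 - - [30/Aug/2010:09:15:02 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [18/Mar/2011:01:58:40 +0000] "GET /index.php HTTP/1.1" 200 2048
198.51.100.7 - - [18/Mar/2011:02:03:11 +0000] "POST /contact.php HTTP/1.1" 200 17
192.0.2.44 - - [18/Mar/2011:13:20:00 +0000] "GET / HTTP/1.1" 200 512
EOF
    echo "$ew_tmp"
}
```

Redirecting the output to a file and compressing it before download keeps the transfer small, and working on a copy leaves the original log untouched as evidence.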
soltek (Author) Posted March 18, 2011

> Create a tail.txt file in the same directory as the log, then use this. You'll probably need to send a break sequence (ctrl-C) to end it, since it never seems to 'finish' on its own.
>
>     tail -f -n[number_of_lines_desired] [name_of_log_file] | tee tail.txt
>
> So it'll end up looking something like:
>
>     tail -f -n10000 apache.log | tee tail.txt

I'm really grateful for you to try to help me out, but I think I'm almost finished. I figured out how to split the log on 9 parts (6GB each), then I'm gonna split the last part on six and well, download that one, with 1GB. Pretty old-fashioned, but it'll do (I hope).

Thanks again.
Pikachu2000 Posted March 18, 2011

OK, as long as you've gotten it handled, that's what matters. I bet you'll set up logfile rotation soon, huh?
Maq Posted March 18, 2011

> OK, as long as you've gotten it handled, that's what matters. I bet you'll set up logfile rotation soon, huh?

Heh, I was just going to write the same thing. http://httpd.apache.org/docs/1.3/logs.html#rotation
soltek (Author) Posted March 18, 2011

> OK, as long as you've gotten it handled, that's what matters. I bet you'll set up logfile rotation soon, huh?

Yes, definitely! It could have saved me a lot of hours if I had that already. I googled about it when requinix suggested that, and I saw a lot of commands so, I'll take care of this first or I'm gonna go mad (I'm atm coding and designing the new version of my website, plus having to figure out how to organize and incentivize my oh-so-freaking-messed-up collaborators xD)

Probably I'll be here tomorrow bothering you again about logfile rotation.