
Hey there, my website got hacked today and I really need to check the Apache access log to see who is responsible for that.

The thing is the log is 54GB long xD It'd take a lot of time to download that and even worse, my computer would crash trying to open the file.

I've already downloaded just 400MB, hoping the first lines of the document would be the records from the last hours, but they're from August 2010!

Do you have any clue? Like a perl script or something like that, that allows me to grab only the last 1000 lines or something like that.

Thank you

https://forums.phpfreaks.com/topic/231018-access_log-too-heavy/

> The thing is the log is 54GB long xD It'd take a lot of time to download that and even worse, my computer would crash trying to open the file.

lern2logrotate

> I've already downloaded just 400MB, hoping the first lines of the document would be the records from the last hours, but they're from August 2010!

> Do you have any clue? Like a perl script or something like that, that allows me to grab only the last 1000 lines or something like that.
>
> Thank you

The stuff you want will be near the end. That means you have to download (download? really? no ssh?) all 54GB of it.

Unix has the `tail` program which spits out the last X lines of a file. There's also `grep` to search through it.

Thanks for the answer and I'm sorry for the double post, mate.

I tried the tail command and it gave me the last 1k lines I asked for. Though, the window has like a fixed height thingy going on and the first lines get replaced by the last ones.

I got hacked 13 hours ago and I just shut down apache a couple of hours ago and I got a lot of traffic.

The data I want (the visitors @ 13 hours ago +-) at the moment are not the ones at the end of the log. They're some thousands of lines above.

Is there anything I can do so PuTTY gives me the whole last thousands of lines?

It'd kick ass if I could export those thousands of lines to a *.txt or something like that.

Thank you again

EDIT: another option could be deleting the first thousands of lines of the log, so I could download the whole thing. Is there any ssh command to do that?

Create a tail.txt file in the same directory as the log, then use this. You'll probably need to send a break sequence (ctrl-C) to end it, since it never seems to 'finish' on its own.

`tail -f -n[number_of_lines_desired] [name_of_log_file] | tee tail.txt`

So it'll end up looking something like:

`tail -f -n10000 apache.log | tee tail.txt`
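
An added example, not part of the original thread: a shell function that reads only the last N bytes of the log on the server and keeps the requests inside a chosen time window, which is what the poster needed for the traffic from around the time of the compromise. The function names, sample lines and dates are constructed, and it assumes the standard Apache common/combined timestamp format.

```shell
#!/bin/sh
# Added example: pull one time window out of the tail of a huge access log.
# Usage: extract_window LOG START END [TAIL_BYTES]
#   START/END are YYYYMMDDHHMMSS in the log's own timezone (assumption: the
#   UTC offset does not change inside the window). Only the last TAIL_BYTES
#   of the file are read, so the old records at the front are never touched.
extract_window() {
    log=$1 start=$2 end=$3 bytes=${4:-1073741824}   # default: last 1 GiB
    size=$(( $(wc -c < "$log") ))
    skip=0
    # tail -c usually starts mid-line; drop that partial first record.
    if [ "$size" -gt "$bytes" ]; then skip=1; fi
    tail -c "$bytes" "$log" | awk -v s="$start" -v e="$end" -v skip="$skip" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = sprintf("%02d", i)
    }
    NR == 1 && skip { next }
    # Locate the [dd/Mon/yyyy:HH:MM:SS stamp of the common/combined format.
    match($0, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/) {
        t = substr($0, RSTART + 1, RLENGTH - 1)
        # Rebuild as yyyymmddHHMMSS so a plain comparison orders by time.
        day = substr(t, 8, 4) mon[substr(t, 4, 3)] substr(t, 1, 2)
        key = day substr(t, 13, 2) substr(t, 16, 2) substr(t, 19, 2)
        if (key >= s && key <= e) print
    }'
}

# Constructed sample log (documentation addresses, not real traffic).
make_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - - [14/Aug/2010:09:12:01 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [22/Mar/2011:01:58:40 +0000] "GET /index.php HTTP/1.1" 200 812
203.0.113.9 - - [22/Mar/2011:02:03:11 +0000] "POST /contact.php HTTP/1.1" 200 97
203.0.113.9 - - [22/Mar/2011:02:04:57 +0000] "GET /about.php HTTP/1.1" 200 14
198.51.100.23 - - [22/Mar/2011:14:30:00 +0000] "GET / HTTP/1.1" 200 5120
EOF
}

sample=$(mktemp)
make_sample_log "$sample"
# Prints the two requests logged between 02:00:00 and 02:30:00.
extract_window "$sample" 20110322020000 20110322023000
rm -f "$sample"
```

Run on the server, the output can be piped through `gzip` into a file so that only the small extract has to be downloaded.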

> Create a tail.txt file in the same directory as the log, then use this. You'll probably need to send a break sequence (ctrl-C) to end it, since it never seems to 'finish' on its own.
>
> `tail -f -n[number_of_lines_desired] [name_of_log_file] | tee tail.txt`
>
> So it'll end up looking something like:
>
> `tail -f -n10000 apache.log | tee tail.txt`

I'm really grateful to you for trying to help me out, but I think I'm almost finished. I figured out how to split the log into 9 parts (6GB each), then I'm gonna split the last part into six and well, download that one, with 1GB.

Pretty old-fashioned, but it'll do (I hope).

Thanks again.

OK, as long as you've gotten it handled, that's what matters. I bet you'll set up logfile rotation soon, huh?

Yes, definitely! It could have saved me a lot of hours if I had that already.

I googled about it when requinix suggested that, and I saw a lot of commands so, I'll take care of this first or I'm gonna go mad (I'm atm coding and designing the new version of my website, plus having to figure out how to organize and incentivize my oh-so-freaking-messed-up collaborators xD)

Probably I'll be here tomorrow bothering you again about logfile rotation :)
