Kernel Boot & Hardware error logs
- Path : /var/log/dmesg
System Information
- Path : /var/log/messages
Use “tail -f /var/log/messages” to watch what is going on with your system and with your DNS. This log helps the admin find any form of TCP/UDP and other forms of attack.
Bad Login / Logout logs
- Path : /var/log/btmp
Stores all the bad login and logout attempts, whether failure or success. Just use the lastb command to list the whole log in a clear format with date/time etc. to trace and block the attack source. This kind of attack on SSH is normally done using a script with brute-force password crackers.
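One way to turn lastb output into a per-source summary for that tracing step, as an added example that is not part of the original post. The helper names are hypothetical and the sample lines are constructed in the shape of lastb output, using documentation addresses.

```shell
#!/bin/sh
# Added example: summarise failed SSH logins per source address.
# failed_ssh_sources is a hypothetical helper name, not a system command.

# Reads `lastb`-style output on stdin and prints "count source" for every
# source with at least $1 failed attempts (default 3), busiest first.
failed_ssh_sources() {
    threshold="${1:-3}"
    awk -v min="$threshold" '
        # Count only SSH records. This skips console entries (no host
        # column), the blank line and the "btmp begins ..." footer.
        $2 ~ /^ssh:/ && NF >= 3 { hits[$3]++ }
        END {
            for (src in hits)
                if (hits[src] >= min)
                    printf "%d %s\n", hits[src], src
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in the shape of `lastb` output (documentation addresses).
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.7      Mon Mar  3 10:15 - 10:15  (00:00)
admin    ssh:notty    203.0.113.7      Mon Mar  3 10:15 - 10:15  (00:00)
oracle   ssh:notty    203.0.113.7      Mon Mar  3 10:14 - 10:14  (00:00)
test     ssh:notty    203.0.113.7      Mon Mar  3 10:14 - 10:14  (00:00)
alice    ssh:notty    198.51.100.23    Mon Mar  3 10:02 - 10:02  (00:00)
alice    ssh:notty    198.51.100.23    Mon Mar  3 10:01 - 10:01  (00:00)
bob      tty1                          Mon Mar  3 09:58 - 09:58  (00:00)

btmp begins Mon Mar  3 09:58:12 2025
EOF
}

sample_lastb | failed_ssh_sources 3
# On a live server, as root: lastb | failed_ssh_sources 5
```

Many failures from one address across several usernames is the pattern the scripted attempts described above leave behind; a couple of failures for one known user is more often a mistyped password.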
Login / Logout logs
- Path : /var/log/wtmp
Last Logins Logs
- Path : /var/log/lastlog
Database of the times of previous user logins. The lastlog file is a database which contains info on the last login of each user. Use the “lastlog” command to retrieve the data from the logs.
Authentication logs
- Path : /var/log/secure
Common Cpanel logs
Cpanel Initial Installation Error logs
- Path : /var/log/cpanel*install*
Logs used to record missing dependencies or any error encountered during the Cpanel installation process, including hardware driver failures/mismatches.
Cpanel License Error Logs
- Path : /usr/local/cpanel/logs/license_log
Cpanel/WHM Accounting Logs
- Path : /var/cpanel/accounting.log
Contains a list of accounting functions performed through WHM, including account removal and creation. The administrator can use this log to check who deleted an account, from which IP, etc.
Cpanel/WHM Service Status Logs
- Path : /var/log/chkservd.log
Cpanel Stats Daemon Logs
- Path : /usr/local/cpanel/logs/stats_log
Cpanel login and access logs
- Path : /usr/local/cpanel/logs/access_log
All login attempts and logins are recorded in this log, which helps the administrator check who logged in to the panel, at what time, from which IP address, etc.
Cpanel Bandwidth Logs
- Path : /var/cpanel/bandwidth
Tailwatchd Daemon logs
- Path : /usr/local/cpanel/logs/tailwatchd_log
Cpanel Ftp logs
Ftp General login and Failure
- Path : /var/log/messages
- Path : /var/log/xferlog
FTP account Raw logs
- Path : /usr/local/apache/domlogs/ftp.domainname-ftp_log
Pure-ftp log
- Path : /var/log/pureftpd.log
Pro-ftp log
- Path : /var/log/pro-ftpd.log
Cpanel Mysql logs
MySQL General Information and Errors
- Path : /var/lib/mysql/$(hostname).err
Cpanel Apache logs
Apache Access Logs:
- Path : /usr/local/apache/logs/access_log
General Error and Auditing Logs
- Path : /usr/local/apache/logs/error_log
All exceptions caught by httpd, along with standard error output from CGI applications, are logged here, including Apache crashes etc.
Apache SuExec Logs
- Path : /usr/local/apache/logs/suexec_log
Auditing information reported by suexec each time a CGI application is executed. Useful for debugging internal server errors: when no relevant information is reported to the Apache error_log, check here for potential suexec policy violations.
Domain Access & error logs
- Path : /usr/local/apache/domlogs/domain.com
Cpanel Exim logs
Mail Receive and Delivery
- Path : /var/log/exim_mainlog or /var/log/exim/mainlog (FreeBSD)
ACLs/Policies based RejectLog
- Path : /var/log/exim_rejectlog
An entry is written to this log every time a message is rejected based on either ACLs or other policies, e.g. aliases configured to :fail
Panic/Fatal Errors:
- Path : /var/log/exim_paniclog
Logs any entries Exim doesn’t know how to handle. It’s generally a really bad thing when log entries are being written here, and they should be properly investigated.
IMAP/POP logs
- Path : /var/log/maillog & /var/log/messages
The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.