Our cPanel server sees a lot of traffic to a lot of different websites. Under cPanel each site has its own access_log and error_log and there is no master global access log.
There’s also no way we could find, even using plugins, to monitor and report traffic levels from any particular IP address, which is something we’d like to do in order to spot genuine high traffic IPs and any that are ‘abusive’.
So we developed our own system. Here’s how…
Get Apache to log all access to all hosted sites/domains to a single log file.
The best, future-proof way we’ve found to do this is with cPanel’s VirtualHost includes. You can read more about those here.
Upshot is, all you have to do is put a file, with any name you like as long as it ends in
Permissions of ‘600’ should be fine, as it’s accessed by ‘root’.
In that file put this:
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost
CustomLog /usr/local/cpanel/logs/NAME-YOUR-LOG.log vhost
Give your log a name that ends in ‘log’.
You may want to change the LogFormat, read about the meaning of each parameter here (note: these are for Apache 2.4).
You now need to rebuild httpd.conf so that your new file is included into every VirtualHost. Do this by running the following on the command line as ‘root’:
Now restart Apache using the link in the ‘Restart Services’ menu in WHM/cPanel control panel.
Logging should begin, to /usr/local/cpanel/logs/NAME-YOUR-LOG.log, as soon as you have any traffic.
If you’re going to move to step 2 immediately, and traffic on your server isn’t extremely high, then you can skip this next step, but it’s probably a good idea anyway in case something goes wrong with your step 2 processing.
In WHM/cPanel control panel, find this in the main menu, and click on it:
cPanel Log Rotation Configuration
You should see your new log file listed here. Check the ‘rotate this log’ checkbox next to it and save the changes. You might also like to `Tweak Settings` to modify the size log files get to before they’re rotated.
You’re done. Time for step 2…
Periodically analyse and report information based on the content of that log file, and then truncate it.
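One way to do the per-IP analysis and truncation described in step 2, as an added example that is not the authors' own script. It assumes the log uses the LogFormat shown above unchanged; the function names, the threshold parameter and the sample lines are constructed for illustration.

```python
import os
import re
from collections import Counter

# Field layout of the page's LogFormat: %v %h %l %u %t "%r" %>s %b
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Constructed sample lines (documentation IP ranges and example domains).
SAMPLE = [
    'shop.example.com 203.0.113.9 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120',
    'blog.example.org 203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 -',
    'shop.example.com 203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /a\\"b HTTP/1.1" 404 210',
    'shop.example.com 198.51.100.7 - alice [01/Jan/2024:10:00:03 +0000] "GET /cart HTTP/1.1" 200 900',
    'not a log line',
]

def parse_line(line):
    """Return a dict of fields, or None if the line does not match the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs "-" for 0
    return rec

def summarise(lines, threshold):
    """Count requests per IP; return (hits, IPs at or over threshold, skipped lines)."""
    hits, vhosts, skipped = Counter(), {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so format drift is noticed, not hidden
            continue
        hits[rec["ip"]] += 1
        vhosts.setdefault(rec["ip"], set()).add(rec["vhost"])
    heavy = [(ip, n, sorted(vhosts[ip]))
             for ip, n in hits.most_common() if n >= threshold]
    return hits, heavy, skipped

def analyse_and_truncate(path, threshold):
    """Analyse the log, then empty it in place (Apache appends, so it keeps writing)."""
    with open(path, errors="replace") as fh:
        result = summarise(fh, threshold)
    # Lines written between the read above and this call are lost from the report.
    os.truncate(path, 0)
    return result
```

Enabling log rotation as described above gives a fallback copy if a run of this kind fails partway through.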