Ngulik CloudNgulik Linux

Cara Mencari Log Login cPanel dan WHM

Doni Kuswarano commentcpanelwhm

Perintah ini biasanya dibutuhkan untuk mencari IP dan username saja yang telah berhasil login baik ke cpanel dan WHM.

Secara default log login cpanel tersimpan di /usr/local/cpanel/logs/access_log Anda dapat mengkombinasikannya dengan perintah cat atau tail -f

Contoh :

[rootcpanel ~]# cat /usr/local/cpanel/logs/access_log

127.0.0.1 - - [10/09/2019:12:14:52 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [10/09/2019:12:15:02 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [10/09/2019:12:26:47 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [10/09/2019:12:31:49 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [10/09/2019:12:36:51 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086 198.108.67.48 - - [10/09/2019:12:41:10 -0000] "GET / HTTP/1.1" 301 0 "-" "-" "-" "-" 2086 127.0.0.1 - - [10/09/2019:12:41:53 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0

Untuk memudahkan melihat user mana saja yang sukses melakukan login maka dapat menggunakan command berikut

grep “login=1&post_login=” /usr/local/cpanel/logs/access_log | awk ‘{print $1″ : “$3” : “$4}’ | grep useradmcpanel

Cek WHM root login

grep “login=1&post_login=” /usr/local/cpanel/logs/access_log | awk ‘{print $1″ : “$3” : “$4}’ | grep root

Untuk failed login bisa di cek pada /usr/local/cpanel/logs/login_log

Tags :cpanelwhm
add a comment

Leave a Response

You Might Also Like

Ngulik Cloud

Cara Mengatur S3 Object Storage Bucket Policy Read Extension Tertentu