
How to Find cPanel and WHM Login Logs


This command is usually needed to find out which IP addresses and usernames have successfully logged in to cPanel or WHM.

By default, the cPanel login log is stored in /usr/local/cpanel/logs/access_log. You can read it with the cat or tail -f commands.

Example:

[rootcpanel ~]# cat /usr/local/cpanel/logs/access_log

127.0.0.1 - - [10/09/2019:12:14:52 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086
127.0.0.1 - - [10/09/2019:12:15:02 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086
127.0.0.1 - - [10/09/2019:12:26:47 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086
127.0.0.1 - - [10/09/2019:12:31:49 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086
127.0.0.1 - - [10/09/2019:12:36:51 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086
198.108.67.48 - - [10/09/2019:12:41:10 -0000] "GET / HTTP/1.1" 301 0 "-" "-" "-" "-" 2086
127.0.0.1 - - [10/09/2019:12:41:53 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0

To make it easier to see which users have logged in successfully, use the following command. It prints the source IP, the username and the timestamp of each matching request, then filters for one account (useradmcpanel here):

grep "login=1&post_login=" /usr/local/cpanel/logs/access_log | awk '{print $1" : "$3" : "$4}' | grep useradmcpanel

Check WHM root logins:

grep "login=1&post_login=" /usr/local/cpanel/logs/access_log | awk '{print $1" : "$3" : "$4}' | grep root

Failed logins can be checked in /usr/local/cpanel/logs/login_log
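The grep and awk pipeline above lists one line per matching request. As an added example (not part of the original article), the script below groups the same matches by user and source IP, counts them, and lists accounts that logged in from more than one address, which is usually the first thing to review. The function names and the sample log lines are constructed for illustration; only the log path and the login=1&post_login= marker come from the article.

```shell
#!/bin/sh
# Added example (not from the original article). Sample log lines are constructed.

# summarize_logins [FILE]
# For every request carrying the post-login marker, print one line per
# (user, source IP) pair: "user ip count first_seen".
summarize_logins() {
    awk '
        index($0, "login=1&post_login=") {
            ip = $1; user = $3
            ts = substr($4, 2)              # drop the leading "["
            key = user " " ip
            if (!(key in count)) { first[key] = ts; order[++n] = key }
            count[key]++
        }
        END {
            for (i = 1; i <= n; i++)
                print order[i], count[order[i]], first[order[i]]
        }
    ' "$@"
}

# users_with_multiple_ips [FILE]
# Print each user whose successful logins came from more than one address.
users_with_multiple_ips() {
    summarize_logins "$@" |
        awk '{ ips[$1]++ } END { for (u in ips) if (ips[u] > 1) print u }' |
        sort
}

# Constructed sample in the field layout of the access_log excerpt above.
make_sample_log() {
    cat <<'EOF'
127.0.0.1 - - [10/09/2019:12:41:53 -0000] "GET /.__cpanel__service__check__./serviceauth?sendkey=__HIDDEN__&version=1.2 HTTP/1.0" 200 0 "-" "-" "-" "-" 2086
203.0.113.10 - useradmcpanel [10/09/2019:12:50:01 -0000] "GET /index.html?login=1&post_login=0000 HTTP/1.1" 200 0 "-" "-" "-" "-" 2083
198.51.100.7 - useradmcpanel [10/09/2019:13:02:15 -0000] "GET /index.html?login=1&post_login=0000 HTTP/1.1" 200 0 "-" "-" "-" "-" 2083
203.0.113.10 - useradmcpanel [10/09/2019:13:05:30 -0000] "GET /index.html?login=1&post_login=0000 HTTP/1.1" 200 0 "-" "-" "-" "-" 2083
192.0.2.44 - root [10/09/2019:13:10:40 -0000] "GET /index.html?login=1&post_login=0000 HTTP/1.1" 200 0 "-" "-" "-" "-" 2087
EOF
}

make_sample_log | summarize_logins
# On a server: summarize_logins /usr/local/cpanel/logs/access_log
```

Unlike a trailing grep root, which matches the word anywhere in the line, this compares the username field itself.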
