[dicuss] package or service help me moritor file on directadmin

[xlinux]

hi all friend
for along time, i don;t comeback here
now i really have problem with help all friend
yesterday i check all logs ftp, httpd, directadmin, ssh
i find some problem, my logs httpd is empty

-rw-r--r-- 1 root root 0 Jul 15 04:02 access_log
-rw-r--r-- 1 root root 0 Jul 8 04:02 access_log.1
-rw-r--r-- 1 root root 0 Jul 1 04:02 access_log.2
-rw-r--r-- 1 root root 0 Jun 24 04:04 access_log.3

how package or service help me moritor file which i install on directadmin with centos server
ex: when anyuser change or replace or delete file, i will notice for me
thanks for all support

 

[zEitEr]

Will this http://www.linuxquestions.org/questions/linux-general-1/monitor-file-changes-54998/ help you?

 

[nobaloney]

Also check your logrotate settings to help you figure out if you were hacked (hackers often delete access logs and secure logs, and the ability to recreate and/or update them).

If you were hacked at root level, probably best to rebuild the server.

Jeff

 

[xlinux]

Also check your logrotate settings to help you figure out if you were hacked (hackers often delete access logs and secure logs, and the ability to recreate and/or update them).

If you were hacked at root level, probably best to rebuild the server.

Jeff

how i can config rotate acces_log ?

 

[nobaloney]

RTFM (Read the fine manual )

$ man logrotate

 

[xlinux]

RTFM (Read the fine manual )

$ man logrotate

i config it again and see this topic Apache access log is empty. this cause is same. how i can fix it

 

[xlinux]

still problem with it. any pro can help me

 

[zEitEr]

still problem with it. any pro can help me

You did not provide any useful information, so if you want to get a help , you should either hire somebody or give more details.

At least you could try "a method of hammer" and set your Apache configs to defaults with

./build rewrite_confs

and re-build apache with

./build httpd

Note, I won't be responsible for any damages which might occur with running these commands. Though they are in most cases quite harmless and don't bring downtime, you might loose all of your customization (if made any) with them, and take your extra (if used any) modules unloaded into apache.

 

[xlinux]

you said that , you need more information but i all file structure file and list file i show all. what infomation you want to see more. i will show and all member and you can review it. thanks
p/s: i think don't need reinstall apache again because it will harm for my web server

 

[zEitEr]

it will harm for my web server

Since that you must be having customized apache configs and must be running any other software, which is not officially supported by Directadmin. What is it? NGINX? Other web-servers installed as front-end? You might have not-default configs there, and none of them was published here. So nobody would ever guess what might be wrong on your server in this case.

So if you need help, you really should draw a picture of how the things are organized there, attach your configs and some more details might be required.

Note, though I write here about a necessity to show apache configs and a picture of your infrastructure, I can not guarantee that I'll have time to read and learn them carefully. But it will help us to help you.

 

[xlinux]

Since that you must be having customized apache configs and must be running any other software, which is not officially supported by Directadmin. What is it? NGINX? Other web-servers installed as front-end? You might have not-default configs there, and none of them was published here. So nobody would ever guess what might be wrong on your server in this case.

So if you need help, you really should draw a picture of how the things are organized there, attach your configs and some more details might be required.

Note, though I write here about a necessity to show apache configs and a picture of your infrastructure, I can not guarantee that I'll have time to read and learn them carefully. But it will help us to help you.

i think i don't large change with apache. nginx i don't install it. with apache file config i don't rebuild it. and my all logs file still didn't change. i scare anyone can exploit and change access_log. they will clear with our trace on my server.

 

[zEitEr]

i think i don't large change with apache. nginx i don't install it. with apache file config i don't rebuild it. and my all logs file still didn't change. i scare anyone can exploit and change access_log. they will clear with our trace on my server.

To know that for sure, you should set default configs and try; it seems you have no much experience in the subject, so you need someone to check it for you. If you don't want to post them in publicity, I guess you changed enough things, which probably broke logging system in Apache. Default apache configs are available in public, and I'm sure they can not be used for any harm or hacking.

Sorry, but I don't see how to help you further without seeing configs, maybe somebody else here has time and will to play in guesses.

 

[xlinux]

To know that for sure, you should set default configs and try; it seems you have no much experience in the subject, so you need someone to check it for you. If you don't want to post them in publicity, I guess you changed enough things, which probably broke logging system in Apache. Default apache configs are available in public, and I'm sure they can not be used for any harm or hacking.

Sorry, but I don't see how to help you further without seeing configs, maybe somebody else here has time and will to play in guesses.

oh i think you don't understand me. i can public some request from you. as me understand you need show apache config file ?

 

[xlinux]

Quote Originally Posted by zEitEr View Post
To know that for sure, you should set default configs and try; it seems you have no much experience in the subject, so you need someone to check it for you. If you don't want to post them in publicity, I guess you changed enough things, which probably broke logging system in Apache. Default apache configs are available in public, and I'm sure they can not be used for any harm or hacking.

Sorry, but I don't see how to help you further without seeing configs, maybe somebody else here has time and will to play in guesses.

i can show config httpd for you can see for me ?

 

[zEitEr]

Yes, it would be a good start, but it might be not enough though.