Empty httpd logs for some websites

[overflower83]

Hi Guys,

I have a few sites where the .bytes, .error.log and .log files are empty.
The last 2 have a recent timestamp but the .bytes has a timestamp that's 2 or more days old.
I cannot seem to find out why these are not filled for the sites.
Does anyone have an idea where to look?

Kind regards,

Hans

 

[zEitEr]

Hello,

Make sure to restart apache and check httpd.conf for the affected virtual hosts.

 

[goad]

logs

I am experiencing the same issue, and i can't seem to figure out why. Things i already tried:

- Check rights and ownership
- Remove logs and restart httpd
- Check log path in httpd.conf

I even reinstalled the complete VPS with a new copy, to no avail. Is there perhaps another setting of logging level i am missing?

 

[zEitEr]

What do you mean under reinstalling a VPS ? Did you create a snapshot of your current VPS and rebuild a server from it? Or you mean that you installed a fresh copy of OS and then went through directadmin step-by-step installation?

Anyway are all the logs empty: access, error? Are they empty for all domains or a particular one? Do domains point to the correct IP of the server?

 

[goad]

Hi Alex,

Thank you for replying! it's a fresh VPS deployment. Not a clone or a snaphot; a fresh, empty installation of CentOS with a pre-installed copy of DirectAdmin. After deployment i created a user, and installed a dummy copy of WordPress. The users log a neatly created in /var/log/httpd/domains/ with (as far as i can see) correct rights. They get recreated if i delete them and restart DA.

The error log show only two lines:

[Mon Aug 31 00:11:02.004634 2015] [ssl:warn] [pid 23345] AH01906: www.testy.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Aug 31 00:11:02.004660 2015] [ssl:warn] [pid 23345] AH01909: www.testy.com:443:0 server certificate does NOT include an ID which matches the server name

The bytes and access logs both remain empty. What do you mean with do the domains point to the correct IP? the user installation is available through a public IP. Do the logs require a correctly pointing public domain for them to work? This should also work when generating traffic to something like http://vpsdomain.com/~username/ right?

 

[zEitEr]

Do the logs require a correctly pointing public domain for them to work? This should also work when generating traffic to something likehttp://vpsdomain.com/~username/ right?

Yes, it would create traffic and make apache to log some lines. If you don't mind I'd check it on your server (free 15-minutes limited audit). If you are interested please provide login details in PM or skype.

 

[goad]

Eureka

Ahhh, i never got that!

You effectively need an actual domainname pointing at the user for it to work. I was testing it with the temporary url http://vpsname.domain.com/~user/, and that apparently won't show up in a userlog. Doesn't make it that a security threat? if someone where to find out the temporary url of a user and use that in a bruteforce attack, those attacks wouldn't show in the userlogs?