
How to recover deleted Apache Log

Scenario: The server is running Apache and one of the log files gets deleted by mistake. How can we recover it?
Currently, the Apache server is working perfectly:
Log in as, or switch to, the root user:
Move to the httpd log directory:
cd /var/log/httpd
Delete the log file:
rm -f access_log
The log file has now been deleted. Next, find the process ID of the main Apache process, the one owned by root:
ps aux | grep httpd
In this case, the PID of the main Apache process is 1784.
Now let's list its file descriptors:
ls -lsa /proc/1784/fd
Apache still holds the deleted log open, so it shows up in this listing as a descriptor whose link target is marked "(deleted)".
Stop the Apache service:
service httpd stop
Now copy the access log file that is marked as deleted (in this case it is descriptor 7) into the log directory:
cp /proc/1784/fd/7 /var/log/httpd/access_log
Start the Apache service again:
service httpd start
Access the webpage again from your server:
Verify the log file:
tail -f /var/log/httpd/access_log
It’s working :-)
Hope this will help you!
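
The same recovery as a script, added here as an example and not part of the original post: it finds the descriptor marked "(deleted)" by original path instead of reading the number off the ls output, and copies it out while the owning process is still running, because the /proc entry exists only as long as the file is held open. The function names and the constructed demo (a background sleep standing in for httpd, one sample log line) are assumptions for illustration.

```shell
# Print "FD<TAB>original-path" for each descriptor of PID ($1) whose file was
# deleted. The kernel marks such links by appending " (deleted)" to the target.
list_deleted_fds() {
    for fd_link in /proc/"$1"/fd/*; do
        target=$(readlink "$fd_link" 2>/dev/null) || continue
        case $target in
            *' (deleted)')
                printf '%s\t%s\n' "${fd_link##*/}" "${target% (deleted)}" ;;
        esac
    done
}

# recover_deleted PID ORIGINAL_PATH DEST: copy the deleted file out of /proc.
# Must run while PID is alive; the /proc entry vanishes when the fd is closed.
recover_deleted() {
    r_pid=$1; r_path=$2; r_dest=$3
    r_fd=$(list_deleted_fds "$r_pid" |
        awk -F '\t' -v p="$r_path" '$2 == p { print $1; exit }')
    if [ -z "$r_fd" ]; then
        echo "pid $r_pid holds no deleted descriptor for $r_path" >&2
        return 1
    fi
    if [ -e "$r_dest" ]; then
        echo "refusing to overwrite existing $r_dest" >&2
        return 1
    fi
    cp "/proc/$r_pid/fd/$r_fd" "$r_dest"
}

# Constructed demo: a background "sleep" stands in for httpd holding access_log.
demo_constructed() {
    d_dir=$(cd "$(mktemp -d)" && pwd -P) || return 1
    printf '192.0.2.10 - - "GET / HTTP/1.1" 200 512\n' > "$d_dir/access_log"
    exec 3>>"$d_dir/access_log"      # open the log for append, as a server does
    sleep 30 >/dev/null 2>&1 &       # the child inherits fd 3
    d_holder=$!
    exec 3>&-                        # the parent closes its own copy
    rm -f "$d_dir/access_log"        # the accidental deletion
    recover_deleted "$d_holder" "$d_dir/access_log" "$d_dir/access_log.recovered"
    d_rc=$?
    kill "$d_holder" 2>/dev/null || true
    [ "$d_rc" -eq 0 ] && cat "$d_dir/access_log.recovered"
    rm -rf "$d_dir"
    return "$d_rc"
}
```

On the server from the post the call would be recover_deleted 1784 /var/log/httpd/access_log followed by a destination path that does not exist yet; the function refuses to overwrite an existing file.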