A Tailored HTTPD Log Monitoring Script

In the realm of web server management, security is a paramount concern. One effective strategy for identifying and mitigating potential threats is continuously monitoring server logs. In this blog post, we’ll explore a custom script designed to monitor Apache logs, for all of your user accounts, and highlight specific patterns associated with security risks.

Script Overview:

Breaking Down the Script:

1. Extended Globbing Enabled:
   shopt -s extglob


   This line activates extended pattern-matching features in Bash, allowing for more advanced pattern matching during file path expansion.

2. Color-Coded Output:
   export GREP_COLOR='1;37;41'


   The script sets the GREP_COLOR environment variable to ‘1;37;41’, configuring the color of matched text when using the grep command. In this case, it represents bold white text on a red background.

3. Continuous Log Monitoring:
   tail -f /var/log/apache2/domlogs/!(*bytes*) -f /usr/local/cpanel/logs/access_log


   The tail command is used to continuously display the contents of two log files. The first file, located in /var/log/apache2/domlogs/, excludes files ending with “bytes” using extended globbing. The second file is /usr/local/cpanel/logs/access_log.

4. Pattern-Based Filtering:
   | grep --color=auto -E '...'


   The output from tail is piped to grep, which searches for lines matching a specified extended regular expression pattern. The --color=auto option enables colored output for matched text. The pattern targets potential security threats or suspicious activities in web server logs.

This script is a valuable tool for enhancing web server security by providing real-time monitoring of logs and highlighting entries that match predefined patterns associated with security risks. The color-coded output aids in quickly identifying and responding to potential threats, making it an essential addition to the toolkit of server administrators focused on maintaining a secure online environment.