Log files on CentOS Plesk server

Plesk

Logs
Error log: /var/log/sw-cp-server/error_log and /var/log/sw-cp-server/sw-engine.log
Access log: /usr/local/psa/admin/logs/httpsd_access_log
Panel log: /usr/local/psa/admin/logs/panel.log

Services
Stop: /etc/init.d/psa stop
Start: /etc/init.d/psa start
Restart: /etc/init.d/psa restart

Configuration
PHP config: /usr/local/psa/admin/conf/php.ini
Panel config: /usr/local/psa/admin/conf/panel.ini
Web server config: /etc/sw-cp-server/conf.d/plesk.conf

Web Presence Builder

Logs

Error log: /usr/local/psa/admin/logs/sitebuilder.log
Install/upgrade logs: /usr/local/sb/tmp/
No service control (working via sw-cp-server service)

Configuration
/usr/local/sb/config
/etc/sw-cp-server/conf.d/plesk.conf
/usr/local/psa/admin/conf/php.ini

 

SSO

Logs
Error log: /var/log/sw-cp-server/error_log
SSO log: /var/log/sso/sso.log

Services
No service control (works via sw-cp-server service)
Manage settings: /usr/local/psa/bin/sso

Configuration
/etc/sso/sso_config.ini
/etc/sw-cp-server/conf.d/sso.inc

 

Backup Manager

Logs
Backup logs: /usr/local/psa/PMM/logs/backup-
Restore log: /usr/local/psa/PMM/logs/restore-
Functionality is controlled by the Plesk control panel service

Configuration
/etc/psa/psa.conf

 

Plesk Migrator

Configuration
/usr/local/psa/var/modules/panel-migrator/conf/

Logs
/usr/local/psa/var/modules/panel-migrator/logs/

 

Migration Manager

Logs
/usr/local/psa/PMM/logs/migration-
Functionality is controlled by the Plesk control panel service.

 

Health Monitor Manager

Logs
/usr/local/psa/admin/logs/health-alarm.log

Services
Stop: /etc/init.d/sw-collectd stop
Start: /etc/init.d/sw-collectd start
Restart: /etc/init.d/sw-collectd restart

Configuration
/usr/local/psa/admin/conf/health-config.xml
/usr/local/psa/var/custom-health-config.xml
/etc/sw-collectd/collectd.conf

 

Health Monitor Notification Daemon

Logs
/usr/local/psa/admin/logs/health-alarm.log

Services
Stop: /etc/init.d/psa-health-monitor-notificationd stop
Start: /etc/init.d/psa-health-monitor-notificationd start
Restart: /etc/init.d/psa-health-monitor-notificationd restart

Configuration
/usr/local/psa/admin/conf/health-config.xml
/usr/local/psa/var/custom-health-config.xml

 

MySQL

Logs
/var/log/mysqld.log

Services
Stop: /etc/init.d/mysqld stop
Start: /etc/init.d/mysqld start
Restart: /etc/init.d/mysqld restart

Configuration
/etc/my.cnf
/etc/mysql/my.cnf (Debian/Ubuntu)

 

PostgreSQL

Logs
/var/lib/pgsql/pgstartup.log

Services
Stop: /etc/init.d/postgresql stop
Start: /etc/init.d/postgresql start
Restart: /etc/init.d/postgresql restart

Configuration
/var/lib/pgsql/data/postgresql.conf

 

Apache

Logs
Global Access and Error logs: /var/log/httpd/
Domain logs: /var/www/vhosts//logs

Services
Stop: /etc/init.d/httpd stop
Start: /etc/init.d/httpd start
Restart: /etc/init.d/httpd restart

Configuration
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/zz010_psa_httpd.conf (includes generated configuration files with the rest of the vhosts and server configuration)
NOTE: On SuSE, Debian, and Ubuntu, the service is called “apache2”. The path to its logs is /var/log/apache2 and the path to configs is /etc/apache2.

 

NGINX

Logs
Error log: /var/log/nginx/error.log
Access log: /var/log/nginx/access.log
Domain logs: /var/www/vhosts//logs/proxy_access*_log

Services
Stop: /etc/init.d/nginx stop
Start: /etc/init.d/nginx start
Restart: /etc/init.d/nginx restart
NOTE: To disable nginx, go to “Tools & Settings > Services Management” and stop nginx from there.

Configuration
/etc/nginx/nginx.conf
/etc/nginx/conf.d/zz010_psa_nginx.conf (includes generated configuration files with the rest of the vhosts’ and server configuration)

 

Tomcat

Logs
/var/log/tomcat5/*

Services
Stop: /etc/init.d/tomcat5 stop
Start: /etc/init.d/tomcat5 start
Restart: /etc/init.d/tomcat5 restart

Configuration
/etc/tomcat5/server.xml

 

FTP

Logs
/usr/local/psa/var/log/xferlog
/var/log/secure
No service control (works via xinetd service)

Configuration
/etc/xinetd.d/ftp_psa
/etc/proftpd.conf
/etc/proftpd.include

 

Xinetd

Logs
/var/log/messages

Services
Stop: /etc/init.d/xinetd stop
Start: /etc/init.d/xinetd start
Restart: /etc/init.d/xinetd restart

Configuration
/etc/xinetd.conf
/etc/xinetd.d/* (files with “.” in the name are ignored)

 

BIND

Logs
/var/log/messages

Services
Stop: /etc/init.d/named stop
Start: /etc/init.d/named start
Restart: /etc/init.d/named restart

Configuration
/etc/named.conf
NOTE: In Debian/Ubuntu, the service is called “bind9.”

 

Courier-IMAP

Logs
/usr/local/psa/var/log/maillog

Services
Stop: /etc/init.d/courier-imap stop
Start: /etc/init.d/courier-imap start
Restart: /etc/init.d/courier-imap restart

Configuration
/etc/courier-imap/imapd
/etc/courier-imap/imapd-ssl
/etc/courier-imap/pop3d
/etc/courier-imap/pop3d-ssl

 

Postfix

Logs
/usr/local/psa/var/log/maillog

Services
Stop: /etc/init.d/postfix stop
Start: /etc/init.d/postfix start
Restart: /etc/init.d/postfix restart

Configuration
/etc/postfix/master.cf
/etc/postfix/main.cf

 

Qmail

Logs
/usr/local/psa/var/log/maillog

Services
Stop: /etc/init.d/qmail stop
Start: /etc/init.d/qmail start
Restart: /etc/init.d/qmail restart

Configuration
Control files in /var/qmail/control/
/etc/xinetd.d/smtp_psa
/etc/xinetd.d/smtps_psa
/etc/xinetd.d/submission_psa

 

Horde

Logs
Error log: /var/log/psa-horde/psa-horde.log
No service control (works via Apache web-server)

Configuration
/etc/psa-webmail/horde/horde.conf
/etc/psa-webmail/horde/horde/conf.php

 

Roundcube

Logs
Error log: /var/log/plesk-roundcube/errors
No service control (works via Apache web-server)

Configuration
/etc/psa-webmail/roundcube/*

 

Mailman

Logs
/var/log/mailman/*

Services
Stop: /etc/init.d/mailman stop
Start: /etc/init.d/mailman start
Restart: /etc/init.d/mailman restart

Configuration
/etc/httpd/conf.d/mailman.conf
/usr/lib/mailman/Mailman/mm_cfg.py
/etc/mailman/sitelist.cfg

 

SpamAssassin

Logs
/usr/local/psa/var/log/maillog

Services
Stop: /etc/init.d/spamassassin stop
Start: /etc/init.d/spamassassin start
Restart: /etc/init.d/spamassassin restart

Configuration
/etc/mail/spamassassin/local.cf
/var/qmail/mailnames///.spamassassin/user_prefs

 

Parallels Premium Antivirus

Logs:
/usr/local/psa/var/log/maillog
/var/drweb/log/*

Service control:
Stop: /etc/init.d/drwebd stop
Start: /etc/init.d/drwebd start
Restart: /etc/init.d/drwebd restart

Configuration:
/etc/drweb/*

 

Kaspersky Antivirus

Logs:
/usr/local/psa/var/log/maillog

Service control:
Stop: /etc/init.d/kavehost stop
Start: /etc/init.d/kavehost start
Restart: /etc/init.d/kavehost restart

Configuration:
/opt/kav/sdk8l3/etc/kav-handler.cfg
/etc/kavehost.xml

 

phpMyAdmin

Logs:
Error log: /var/log/sw-cp-server/error_log
No service control (working via sw-cp-server service).

Configuration:
/usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/libraries/config.default.php

 

phpPgAdmin

Logs
Error log: /var/log/sw-cp-server/error_log
No service control (working via sw-cp-server service).

Configuration:
/usr/local/psa/admin/htdocs/domains/databases/phpPgAdmin/conf/config.inc.php

 

Logrotate

No service control. Executed by the daily maintenance task: /etc/cron.daily/50plesk-daily

Configuration
/usr/local/psa/etc/logrotate.conf
/usr/local/psa/etc/logrotate.d/*

 

Webalizer

No service control. Executed by the daily maintenance task: /etc/cron.daily/50plesk-daily

Configuration
/srv/www/vhosts/system//conf/webalizer.conf

 

AWstats

No service control. Executed by the daily maintenance task: /etc/cron.daily/50plesk-daily

Configuration
/usr/local/psa/etc/awstats/awstats.-*.conf

 

Watchdog (monit)

Logs:
/usr/local/psa/var/modules/watchdog/log/wdcollect.log
/usr/local/psa/var/modules/watchdog/log/monit.log

Service control:
Stop: /usr/local/psa/admin/bin/modules/watchdog/wd –stop
Start: /usr/local/psa/admin/bin/modules/watchdog/wd –start
Restart: /usr/local/psa/admin/bin/modules/watchdog/wd –restart

Configuration:
/usr/local/psa/etc/modules/watchdog/monitrc
/usr/local/psa/etc/modules/watchdog/wdcollect.inc.php

 

Watchdog (rkhunter)

Logs:
/var/log/rkhunter.log

Service control:
Start: /usr/local/psa/admin/bin/modules/watchdog/rkhunter

Configration:
/usr/local/psa/etc/modules/watchdog/rkhunter.conf

 

Plesk Firewall

Service control:
Stop: /etc/init.d/psa-firewall stop
Start: /etc/init.d/psa-firewall start
Restart: /etc/init.d/psa-firewall restart

Configuration:
/usr/local/psa/var/modules/firewall/firewall-active.sh
/usr/local/psa/var/modules/firewall/firewall-emergency.sh
/usr/local/psa/var/modules/firewall/firewall-new.sh

 

Plesk Firewall (IP forwarding)

Service control:
Stop: /etc/init.d/psa-firewall-forward stop
Start: /etc/init.d/psa-firewall-forward start
Restart: /etc/init.d/psa-firewall-forward restart

Configuration:
/usr/local/psa/var/modules/firewall/ip_forward.active
/usr/local/psa/var/modules/firewall/ip_forward.saved

 

IP Address Banning (Fail2Ban)

Service control:
Stop: /etc/init.d/fail2ban stop
Start: /etc/init.d/fail2ban start
Restart: /etc/init.d/fail2ban restart

Configuration: A set of IPTables rules. By default:-
iptables -N fail2ban-plesk-login
iptables -A fail2ban-plesk-login -j RETURN
iptables -A INPUT -p tcp -m multiport –dports 8880,8443 -j fail2ban-plesk-login

Check log file for website “POST” entries

If you have a server that is not responding, there might be an attack on one of the domains. You can get a good idea if a normally low volume website is suddenly getting lots of traffic by running a few checks on the log files.

Count the number of posts to each unique file:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-accesslog | awk ‘{print $7}’ | sort | uniq -c | sort -n 

Count the number of times each IP posted to the domain:
# grep POST /usr/local/apache2/logs/USER/DOMAIN-accesslog | awk ‘{print $1}’ | sort | uniq -c | sort -n

Count the number of unique IP addresses that posted to the domain: 
# grep POST /usr/local/apache2/logs/USER/DOMAIN-access_log | awk ‘{print $1}’ | sort | uniq | wc -l