From 2c13360667b534869256c208f590e5588184db35 Mon Sep 17 00:00:00 2001
From: cschantz <admin@server.local>
Date: Fri, 21 Nov 2025 16:16:24 -0500
Subject: [PATCH] Add Plesk log path documentation based on official research
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RESEARCH CONDUCTED:
Consulted official Plesk documentation to verify log paths:
https://docs.plesk.com/en-US/obsidian/

VERIFICATION:
Current code is CORRECT - uses wildcard pattern that catches all Plesk logs:
- Apache HTTP: access_log
- Apache HTTPS: access_ssl_log
- nginx HTTP: proxy_access_log
- nginx HTTPS: proxy_access_ssl_log

DOCUMENTATION ADDED:
- Added official Plesk log paths in comments (lines 310-318)
- Noted hardlink relationship between /var/www/vhosts/{domain}/logs
  and /var/www/vhosts/system/{domain}/logs
- Updated domain extraction comment for clarity (line 334)

No code changes needed - existing wildcard pattern already works correctly.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 modules/security/bot-analyzer.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index a061076..238a7ab 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -307,7 +307,13 @@ parse_logs() {
         log_search_path="/home/*/var/*/logs"
         log_search_name="transfer*.log"
     else
-        # cPanel/Plesk: /var/log/apache2/domlogs/domain.com
+        # cPanel: /var/log/apache2/domlogs/domain.com or domain.com-ssl_log
+        # Plesk: Research verified paths from https://docs.plesk.com/en-US/obsidian/
+        #   Apache HTTP:  /var/www/vhosts/system/{domain}/logs/access_log
+        #   Apache HTTPS: /var/www/vhosts/system/{domain}/logs/access_ssl_log
+        #   nginx HTTP:   /var/www/vhosts/system/{domain}/logs/proxy_access_log
+        #   nginx HTTPS:  /var/www/vhosts/system/{domain}/logs/proxy_access_ssl_log
+        # Note: /var/www/vhosts/{domain}/logs/ are hardlinks (backward compat)
         log_search_path="$LOG_DIR"
         log_search_name="*"
     fi
@@ -325,7 +331,7 @@ parse_logs() {
             # InterWorx: extract from path /home/user/var/domain.com/logs/transfer*.log
             domain=$(echo "$logfile" | sed -n 's|^/home/.*/var/\([^/]*\)/logs/.*|\1|p')
         elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then
-            # Plesk: extract from path /var/www/vhosts/system/domain.com/logs/access_log
+            # Plesk: extract from path /var/www/vhosts/system/domain.com/logs/{access_log,access_ssl_log,proxy_*}
             domain=$(echo "$logfile" | sed -n 's|^/var/www/vhosts/system/\([^/]*\)/logs/.*|\1|p')
         else
             # cPanel: extract from filename /var/log/apache2/domlogs/domain.com or domain.com-ssl_log