Add HTTPS (SSL) log support for InterWorx - now includes transfer-ssl.log

RESEARCH FINDINGS:
Consulted official InterWorx documentation to verify log paths:
https://appendix.interworx.com/current/nodeworx/general/other/log-file-locations.html

OFFICIAL InterWorx Log Structure:
- HTTP logs:  /home/{user}/var/{domain}/logs/transfer.log
- HTTPS logs: /home/{user}/var/{domain}/logs/transfer-ssl.log

PROBLEM:
Bot-analyzer was only looking for "transfer.log" and missing all HTTPS traffic.
This means SSL-enabled sites (which is most sites) were not being analyzed.

IMPACT:
- Missing analysis of HTTPS traffic
- Incomplete bot detection for SSL sites
- Underreporting of actual traffic and threats

FIX APPLIED:

Changed log search pattern from:
  log_search_name="transfer.log"
To:
  log_search_name="transfer*.log"

This now matches BOTH:
  - transfer.log (HTTP on port 80)
  - transfer-ssl.log (HTTPS on port 443)

CHANGES:
1. Line 308: Updated search pattern to "transfer*.log"
2. Lines 304-306: Added official documentation reference in comments
3. Line 325: Updated extraction comment for accuracy
4. Lines 1813-1818: Updated find commands to use "transfer*.log"

VERIFICATION:
- Syntax check passed
- Pattern matches both HTTP and HTTPS logs
- Domain extraction works for both log types (same path structure)
- All diagnostic features still work

DOCUMENTATION ADDED:
Added comment block with official InterWorx documentation URL
and explicit file paths for future reference:
```
# InterWorx: Official docs from https://appendix.interworx.com/...
# HTTP:  /home/{user}/var/{domain}/logs/transfer.log
# HTTPS: /home/{user}/var/{domain}/logs/transfer-ssl.log
```

RESULT:
Bot-analyzer now analyzes COMPLETE InterWorx traffic (HTTP + HTTPS)
instead of only HTTP traffic. Critical for accurate bot detection.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
cschantz
2025-11-21 16:04:52 -05:00
parent 209ded13fc
commit a112bd53a9
+8 -6
@@ -301,9 +301,11 @@ parse_logs() {
local log_search_path local log_search_path
local log_search_name local log_search_name
if [ "$INTERWORX_MODE" = "yes" ]; then if [ "$INTERWORX_MODE" = "yes" ]; then
# InterWorx: /home/user/var/domain.com/logs/transfer.log (VERIFIED: uses 'transfer.log' not 'access_log') # InterWorx: Official docs from https://appendix.interworx.com/current/nodeworx/general/other/log-file-locations.html
# HTTP: /home/{user}/var/{domain}/logs/transfer.log
# HTTPS: /home/{user}/var/{domain}/logs/transfer-ssl.log
log_search_path="/home/*/var/*/logs" log_search_path="/home/*/var/*/logs"
log_search_name="transfer.log" log_search_name="transfer*.log"
else else
# cPanel/Plesk: /var/log/apache2/domlogs/domain.com # cPanel/Plesk: /var/log/apache2/domlogs/domain.com
log_search_path="$LOG_DIR" log_search_path="$LOG_DIR"
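Review bot: log_search_name="transfer*.log" is wider than the two files the new comment documents. It also matches any other name in the logs directory that starts with "transfer" and ends in ".log", and such a file would be parsed as an access log. Since the comment lists exactly transfer.log and transfer-ssl.log, consider matching those two names explicitly where this variable is consumed (two -name tests joined with -o), or state in the comment why the wildcard is intended. It is also worth confirming that the variable stays quoted where it reaches find, so the shell does not expand the glob against the working directory first.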
@@ -320,7 +322,7 @@ parse_logs() {
# Extract domain name based on control panel # Extract domain name based on control panel
if [ "$INTERWORX_MODE" = "yes" ]; then if [ "$INTERWORX_MODE" = "yes" ]; then
# InterWorx: extract from path /home/user/var/domain.com/logs/transfer.log # InterWorx: extract from path /home/user/var/domain.com/logs/transfer*.log
domain=$(echo "$logfile" | sed -n 's|^/home/.*/var/\([^/]*\)/logs/.*|\1|p') domain=$(echo "$logfile" | sed -n 's|^/home/.*/var/\([^/]*\)/logs/.*|\1|p')
elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then
# Plesk: extract from path /var/www/vhosts/system/domain.com/logs/access_log # Plesk: extract from path /var/www/vhosts/system/domain.com/logs/access_log
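Review bot: on the domain= line, the sed expression returns the same value for /home/user/var/domain.com/logs/transfer.log and for transfer-ssl.log in the same directory, so with the wider pattern each domain now passes through this branch twice. Only the comment changes in this hunk. Please confirm that whatever is keyed on $domain later in parse_logs accumulates the two files rather than overwriting the first result or listing the domain twice, and note that behaviour in the comment.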
@@ -1808,12 +1810,12 @@ main() {
find_opts+=(-mtime -"$DAYS_BACK") find_opts+=(-mtime -"$DAYS_BACK")
fi fi
# Find all transfer.log files in InterWorx structure # Find all transfer*.log files in InterWorx structure (includes transfer.log and transfer-ssl.log)
log_count=$(find /home/*/var/*/logs -type f -name "transfer.log" "${find_opts[@]}" 2>/dev/null | wc -l) log_count=$(find /home/*/var/*/logs -type f -name "transfer*.log" "${find_opts[@]}" 2>/dev/null | wc -l)
if [ "$log_count" -eq 0 ]; then if [ "$log_count" -eq 0 ]; then
# Try without time filter to see if ANY logs exist # Try without time filter to see if ANY logs exist
local total_logs=$(find /home/*/var/*/logs -type f -name "transfer.log" 2>/dev/null | wc -l) local total_logs=$(find /home/*/var/*/logs -type f -name "transfer*.log" 2>/dev/null | wc -l)
if [ "$total_logs" -eq 0 ]; then if [ "$total_logs" -eq 0 ]; then
print_alert "Error: No InterWorx access logs found in /home/*/var/*/logs/" print_alert "Error: No InterWorx access logs found in /home/*/var/*/logs/"
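Review bot: the literal "transfer*.log" now appears in both find calls here (the log_count= and total_logs= lines) as well as in log_search_name in parse_logs. Defining the pattern once and reusing it would keep the three in step the next time the file names change. On the touched total_logs line, local total_logs=$(find ...) hides the exit status of the command substitution; declaring local total_logs on its own line before the assignment avoids that. The print_alert text could also name transfer.log and transfer-ssl.log so the error says what was searched for.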