From cc4f62bbe4a51b93067faee7a5cc8b2bc67920d0 Mon Sep 17 00:00:00 2001 From: cschantz Date: Thu, 20 Nov 2025 15:50:45 -0500 Subject: [PATCH] CRITICAL FIX: Update InterWorx log file name from access_log to transfer.log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit VALIDATION RESULTS from real InterWorx server revealed: InterWorx uses 'transfer.log' NOT 'access_log' for access logs! VERIFIED FINDINGS: • Log location: /home/USER/var/DOMAIN/logs/ ✓ CORRECT • Access log name: transfer.log (NOT access_log) ✓ FIXED • Error log name: error.log ✓ CORRECT • Logs are symlinks to dated files (transfer-2025-11-20.log) • Older logs automatically zipped UPDATED MODULES (9 files): 1. modules/security/tail-apache-access.sh 2. modules/security/web-traffic-monitor.sh 3. modules/security/bot-analyzer.sh (3 locations) 4. modules/security/malware-scanner.sh 5. modules/security/live-attack-monitor.sh 6. modules/website/website-error-analyzer.sh (3 locations) 7. modules/website/500-error-tracker.sh UPDATED DOCUMENTATION: • REFDB_FORMAT.txt - Added VERIFIED comment • .sysref - Updated PATH|interworx|access_log ALL REFERENCES CHANGED: • find /home/*/var/*/logs -name "access_log" → "transfer.log" • /home/USER/var/DOMAIN/logs/access_log → transfer.log This was discovered by running validate-interworx.sh on real server: Server: interworx-3rdshift.raptorburn.com InterWorx Version: 6.14.5 Test Date: 2025-11-20 All modules now use correct log file names for InterWorx! --- REFDB_FORMAT.txt | 2 +- modules/security/bot-analyzer.sh | 10 +++++----- modules/security/live-attack-monitor.sh | 4 ++-- modules/security/malware-scanner.sh | 4 ++-- modules/security/tail-apache-access.sh | 4 ++-- modules/security/web-traffic-monitor.sh | 4 ++-- modules/website/500-error-tracker.sh | 4 ++-- modules/website/website-error-analyzer.sh | 8 ++++---- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/REFDB_FORMAT.txt b/REFDB_FORMAT.txt index 69a83c2..e271dda 100644 --- a/REFDB_FORMAT.txt +++ b/REFDB_FORMAT.txt @@ -741,7 +741,7 @@ paths: access_logs: cpanel: /var/log/apache2/domlogs/DOMAIN - interworx: /home/USER/var/DOMAIN/logs/access_log + interworx: /home/USER/var/DOMAIN/logs/transfer.log # VERIFIED: InterWorx uses 'transfer.log' not 'access_log' plesk: /var/www/vhosts/system/DOMAIN/logs/access_log error_logs: diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh index 583ba9f..57057d1 100755 --- a/modules/security/bot-analyzer.sh +++ b/modules/security/bot-analyzer.sh @@ -301,9 +301,9 @@ parse_logs() { local log_search_path local log_search_name if [ "$INTERWORX_MODE" = "yes" ]; then - # InterWorx: /home/user/var/domain.com/logs/access_log + # InterWorx: /home/user/var/domain.com/logs/transfer.log (VERIFIED: uses 'transfer.log' not 'access_log') log_search_path="/home/*/var/*/logs" - log_search_name="access_log" + log_search_name="transfer.log" else # cPanel/Plesk: /var/log/apache2/domlogs/domain.com log_search_path="$LOG_DIR" @@ -320,7 +320,7 @@ parse_logs() { # Extract domain name based on control panel if [ "$INTERWORX_MODE" = "yes" ]; then - # InterWorx: extract from path /home/user/var/domain.com/logs/access_log + # InterWorx: extract from path /home/user/var/domain.com/logs/transfer.log domain=$(echo "$logfile" | sed -n 's|^/home/.*/var/\([^/]*\)/logs/.*|\1|p') else # cPanel: extract from filename @@ -1805,8 +1805,8 @@ main() { find_opts+=(-mtime -"$DAYS_BACK") fi - # Find all access_log files in InterWorx structure - log_count=$(find /home/*/var/*/logs -type f -name "access_log" "${find_opts[@]}" 2>/dev/null | wc -l) + # Find all transfer.log files in InterWorx structure + log_count=$(find /home/*/var/*/logs -type f -name "transfer.log" "${find_opts[@]}" 2>/dev/null | wc -l) if [ "$log_count" -eq 0 ]; then print_alert "Error: No InterWorx access logs found in /home/*/var/*/logs/" diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh index a1790dc..8e80ad8 100755 --- a/modules/security/live-attack-monitor.sh +++ b/modules/security/live-attack-monitor.sh @@ -1257,10 +1257,10 @@ monitor_apache_logs() { if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then # InterWorx: Monitor per-domain access logs - # Find recent domain logs (modified in last hour for performance) + # Find recent domain logs (modified in last hour for performance, InterWorx uses 'transfer.log') while IFS= read -r domain_log; do [ -f "$domain_log" ] && log_files+=("$domain_log") - done < <(find /home/*/var/*/logs -type f -name "access_log" -mmin -60 2>/dev/null | head -10) + done < <(find /home/*/var/*/logs -type f -name "transfer.log" -mmin -60 2>/dev/null | head -10) elif [ -n "$LOG_DIR" ]; then # cPanel/Plesk: Use detected log directory diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh index 6e7da2b..460c1ed 100755 --- a/modules/security/malware-scanner.sh +++ b/modules/security/malware-scanner.sh @@ -908,8 +908,8 @@ done # Use system-detected log directory with control panel-specific search local log_search_cmd if [ "$CONTROL_PANEL" = "interworx" ]; then - # InterWorx: Search /home/*/var/*/logs/access_log - log_search_cmd="find /home/*/var/*/logs -type f -name 'access_log' 2>/dev/null" + # InterWorx: Search /home/*/var/*/logs/transfer.log (VERIFIED: uses 'transfer.log') + log_search_cmd="find /home/*/var/*/logs -type f -name 'transfer.log' 2>/dev/null" elif [ -n "$SYS_LOG_DIR" ] && [ -d "$SYS_LOG_DIR" ]; then # cPanel/Plesk: Use detected log directory log_search_cmd="find $SYS_LOG_DIR -type f -name '*.com' -o -name '*.net' -o -name '*.org' 2>/dev/null" diff --git a/modules/security/tail-apache-access.sh b/modules/security/tail-apache-access.sh index fc26780..dd3469b 100755 --- a/modules/security/tail-apache-access.sh +++ b/modules/security/tail-apache-access.sh @@ -11,8 +11,8 @@ echo "" # Multi-panel log discovery if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then - # InterWorx: Per-domain logs in user home - log_files=$(find /home/*/var/*/logs -type f -name "access_log" 2>/dev/null) + # InterWorx: Per-domain logs in user home (uses 'transfer.log' not 'access_log') + log_files=$(find /home/*/var/*/logs -type f -name "transfer.log" 2>/dev/null) elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then # Plesk: System logs log_files=$(find /var/www/vhosts/system/*/logs -type f -name "access_log" -o -name "access_ssl_log" 2>/dev/null) diff --git a/modules/security/web-traffic-monitor.sh b/modules/security/web-traffic-monitor.sh index d5117f7..7fefd67 100755 --- a/modules/security/web-traffic-monitor.sh +++ b/modules/security/web-traffic-monitor.sh @@ -13,8 +13,8 @@ echo "" # Multi-panel log discovery log_files="" if [ "$SYS_CONTROL_PANEL" = "interworx" ]; then - # InterWorx: Monitor recent access logs (limit for performance) - log_files=$(find /home/*/var/*/logs -type f -name "access_log" -mmin -60 2>/dev/null | head -10) + # InterWorx: Monitor recent access logs (uses 'transfer.log', limit for performance) + log_files=$(find /home/*/var/*/logs -type f -name "transfer.log" -mmin -60 2>/dev/null | head -10) elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then # Plesk: System logs log_files=$(find /var/www/vhosts/system/*/logs -type f -name "access_log" -o -name "access_ssl_log" 2>/dev/null | head -10) diff --git a/modules/website/500-error-tracker.sh b/modules/website/500-error-tracker.sh index 1597155..e3a16c1 100755 --- a/modules/website/500-error-tracker.sh +++ b/modules/website/500-error-tracker.sh @@ -194,8 +194,8 @@ done < <( find "$DOMLOGS_DIR" -type f ! -name "*bytes_log" ! -name "*offset*" ! -name "*error_log" ! -name "*ftpxferlog*" ! -name "*-ssl_log" 2>/dev/null ;; interworx) - # InterWorx: Per-domain logs in user homes - find /home/*/var/*/logs -type f -name "access_log" 2>/dev/null + # InterWorx: Per-domain logs in user homes (uses 'transfer.log') + find /home/*/var/*/logs -type f -name "transfer.log" 2>/dev/null ;; plesk) # Plesk: System vhosts logs diff --git a/modules/website/website-error-analyzer.sh b/modules/website/website-error-analyzer.sh index ca45437..881b803 100755 --- a/modules/website/website-error-analyzer.sh +++ b/modules/website/website-error-analyzer.sh @@ -240,7 +240,7 @@ case "$CONTROL_PANEL" in local user=$(grep -l "ServerName ${FILTER_DOMAIN}" /etc/httpd/conf.d/vhost_*.conf 2>/dev/null | head -1 | \ xargs grep "SuexecUserGroup" 2>/dev/null | awk '{print $2}') if [ -n "$user" ]; then - local log="/home/${user}/var/${FILTER_DOMAIN}/logs/access_log" + local log="/home/${user}/var/${FILTER_DOMAIN}/logs/transfer.log" [ -f "$log" ] && echo "$log|domlog_$FILTER_DOMAIN" >> "$LOG_FILES_LIST" fi elif [ -n "$FILTER_USER" ]; then @@ -248,13 +248,13 @@ case "$CONTROL_PANEL" in local user_domains=$(get_user_domains "$FILTER_USER" 2>/dev/null) if [ -n "$user_domains" ]; then while IFS= read -r domain; do - local log="/home/${FILTER_USER}/var/${domain}/logs/access_log" + local log="/home/${FILTER_USER}/var/${domain}/logs/transfer.log" [ -f "$log" ] && echo "$log|domlog_$domain" >> "$LOG_FILES_LIST" done <<< "$user_domains" fi else - # All domains - find all access_log files - find /home/*/var/*/logs -type f -name "access_log" 2>/dev/null | while read -r log; do + # All domains - find all transfer.log files (InterWorx uses 'transfer.log' not 'access_log') + find /home/*/var/*/logs -type f -name "transfer.log" 2>/dev/null | while read -r log; do local domain=$(echo "$log" | grep -oE '/var/[^/]+' | sed 's|/var/||') echo "$log|domlog_$domain" >> "$LOG_FILES_LIST" done