Python Script to generate summary of cPanel Access logs.
I’ve been working in a hosting department for the last two years and, honestly, checking cPanel access logs is a tedious task.
For example, if I want to check the cPanel access logs for email account creation, I need to create a test email account, then check the access logs and confirm exactly which keyword appears in the request when an email account is created.
So I’ve created a Python dictionary with all these keywords as the keys and the corresponding operations as the values.
Following is the python dictionary I’ve created.
# Lookup table: a fragment of a cPanel request line -> the operation it stands for.
# Several keys are substrings of others ("passwd" is inside "passwdpop",
# "doadddomain" is inside "subdomain/doadddomainhtml"), so code that applies a
# plain containment test will report both labels for a single request.
keywords = {
    "addbhtml": "Database addition",
    "deldbhtml": "Database deletion",
    "simplehtml": "Simple DNS Zone editor",
    "advancedhtml": "Advanced DNS Zone Editor",
    # the trailing space is part of this key
    "The+row+has+been+deleted ": "Database Deletion (phpMyAdmin)",
    "passwd": "cPanel password change",
    "add_pop": "Email account creation",
    "delpop": "Email account deletion",
    "passwdpop": "Email account password reset ",
    "doaddfwd": "Email forwarder creation ",
    "dodelfwd": "Email forwarder deletion ",
    "doaddparked": "Park Domain Addition ",
    "dodelparked": "Park Domain deletion ",
    "doadddomain": "Addon Domain addition ",
    "confirmdodeldomain": "Addon Domain deletion ",
    "subdomain/doadddomainhtml": "Sub Domain addition",
    "dodeldomainconfirmhtml": "Sub Domain deletion",
    "add_ftp": "FTP account addition",
    "delete_ftp": "FTP account deletion",
    "addredirecthtml": "Redirection addition",
    "delredirectconfirmhtml": "Redirection deletion",
    "scripts/chrootpass": "Root Password Reset ",
    "doadddfwdhtml": "Addition of Domain forwarder [email]",
    "dodeldfwdconfirmhtml": "Deletion of domain forwarder [email]",
    "mxcheck=local": "Change in Email Routing settings (local)",
    "mxcheck=remote": "Change in Email Routing settings (remote)",
    "Cron&cpanel_jsonapi_func=add_line": "Cron-job addition",
    "Cron&cpanel_jsonapi_func=remove_line": "Cron-job deletion",
    "remove_email_id": "Email account deletion",
    "add_email_id": "Email account creation",
}
Here is the final code:
import argparse,re,os,sys
#from collections import Counter
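def progressBar(value, endvalue, bar_length=20):
    """Redraw a one-line text progress bar on stdout.

    The output starts with a carriage return and has no trailing newline,
    so every call overwrites the bar drawn by the previous one.

    Args:
        value: Amount of work done so far.
        endvalue: Amount of work that counts as finished.
        bar_length: Width of the bar between the brackets, in characters.
    """
    # Nothing to do at all counts as finished; this also avoids a
    # ZeroDivisionError when the end value is 0.
    if endvalue:
        percent = float(value) / endvalue
    else:
        percent = 1.0
    # Keep the arrow inside the brackets if the caller overshoots the end
    # value (for example when the input grew after its size was taken).
    percent = min(max(percent, 0.0), 1.0)
    arrow = '-' * int(round(percent * bar_length) - 1) + '>'
    spaces = ' ' * (bar_length - len(arrow))
    sys.stdout.write("\rProgress: [{0}] {1}%".format(arrow + spaces, int(round(percent * 100))))
    sys.stdout.flush()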
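# Command line: one positional argument, the cPanel account to report on.
parser = argparse.ArgumentParser(
    description="To print cPanel access log in more readable format"
)
parser.add_argument('user', help="cPanel user name")
args = parser.parse_args()
print(args)

# Only the live log is read; rotated or archived logs are not covered.
access_log_path = '/usr/local/cpanel/logs/access_log'

# Lines of the access log that mention the requested user, in file order.
array2 = []
filesize = os.path.getsize(access_log_path)
progress = 0
last_percent = -1
# NOTE(review): on Python 3 a text-mode read raises UnicodeDecodeError on the
# first line holding bytes that are invalid in the locale encoding. Request
# lines are client-supplied, so consider open(..., errors="replace") there if
# the summary has to survive such lines.
with open(access_log_path, 'r') as file:
    print("Reading from file:")
    for i in file:
        progress = progress + len(i)
        # The size was taken before the file was opened; guard against a
        # file that was empty at that moment but has lines now.
        progressP = (float(progress) / filesize) if filesize else 1.0
        current_percent = int(progressP * 100)
        # Redraw only when the displayed number changes instead of once per
        # log line.
        if current_percent != last_percent:
            progressBar(current_percent, 100)
            last_percent = current_percent
        # Match the name as literal text, not as a regular expression: a name
        # containing '.', '|' or similar would otherwise select unrelated
        # lines or fail to compile as a pattern.
        # NOTE(review): this is still a substring test over the whole line,
        # so "bob" also selects "bobby" and any request whose URL or referer
        # contains the name. Comparing against the logged user field would be
        # stricter; confirm its position in your log format first.
        if args.user in i:
            array2.append(i)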
# Lookup table: a fragment of a cPanel request line -> the operation it stands for.
# Several keys are substrings of others ("passwd" is inside "passwdpop",
# "doadddomain" is inside "subdomain/doadddomainhtml"), so code that applies a
# plain containment test will report both labels for a single request.
keywords = {
    "addbhtml": "Database addition",
    "deldbhtml": "Database deletion",
    "simplehtml": "Simple DNS Zone editor",
    "advancedhtml": "Advanced DNS Zone Editor",
    # the trailing space is part of this key
    "The+row+has+been+deleted ": "Database Deletion (phpMyAdmin)",
    "passwd": "cPanel password change",
    "add_pop": "Email account creation",
    "delpop": "Email account deletion",
    "passwdpop": "Email account password reset ",
    "doaddfwd": "Email forwarder creation ",
    "dodelfwd": "Email forwarder deletion ",
    "doaddparked": "Park Domain Addition ",
    "dodelparked": "Park Domain deletion ",
    "doadddomain": "Addon Domain addition ",
    "confirmdodeldomain": "Addon Domain deletion ",
    "subdomain/doadddomainhtml": "Sub Domain addition",
    "dodeldomainconfirmhtml": "Sub Domain deletion",
    "add_ftp": "FTP account addition",
    "delete_ftp": "FTP account deletion",
    "addredirecthtml": "Redirection addition",
    "delredirectconfirmhtml": "Redirection deletion",
    "scripts/chrootpass": "Root Password Reset ",
    "doadddfwdhtml": "Addition of Domain forwarder [email]",
    "dodeldfwdconfirmhtml": "Deletion of domain forwarder [email]",
    "mxcheck=local": "Change in Email Routing settings (local)",
    "mxcheck=remote": "Change in Email Routing settings (remote)",
    "Cron&cpanel_jsonapi_func=add_line": "Cron-job addition",
    "Cron&cpanel_jsonapi_func=remove_line": "Cron-job deletion",
    "remove_email_id": "Email account deletion",
    "add_email_id": "Email account creation",
}
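def count_IPs():
    """Print how many of the collected log lines came from each address.

    Reads the module-level ``array2`` list, takes the first
    whitespace-separated field of every line as the address, and prints one
    "address, count" row per distinct value, highest count first.
    """
    print("\n=============================================================")
    print("IPAddress "+"Number of access")
    print("=============================================================")
    b = {}
    for i in array2:
        fields = i.split()
        # A line with no fields has no address to count; skip it rather
        # than fail with IndexError.
        if not fields:
            continue
        b[fields[0]] = b.get(fields[0], 0) + 1
    for key, value in sorted(b.items(), key=lambda x: x[1], reverse=True):
        print(str(key)+"\t\t"+str(value))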
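# First table: requests per source address.
count_IPs()

# Second table: one row per recognised operation, in log order.
print("\n=============================================================")
print("Time"+" "+"IP"+" "+"Operation")
print("=============================================================")
for i in array2:
    fields = i.split()
    # The row needs field 0 (address) and field 3 (timestamp); a truncated
    # or malformed line is skipped instead of aborting the report.
    if len(fields) < 4:
        continue
    stamp = fields[3].replace("[", "")
    source_ip = fields[0]
    hits = [key for key in keywords if key in i]
    for key in hits:
        # Keep only the most specific keyword: a request containing
        # "passwdpop" also contains "passwd", and would otherwise be listed
        # as a cPanel password change in addition to an email password reset.
        if any(key != other and key in other for other in hits):
            continue
        print(stamp+"\t"+source_ip+"\t"+keywords[key])
    # File manager and phpMyAdmin writes have no keyword of their own; they
    # are recognised by the request method plus the path fragment.
    if "POST" in i and "fileman" in i:
        print(stamp+"\t"+source_ip+"\t"+"Filemanager POST")
    elif "POST" in i and "phpMyAdmin" in i:
        print(stamp+"\t"+source_ip+"\t"+"phpMyAdmin POST")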
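This script takes a cPanel username as input and generates a summary of the access log (“/usr/local/cpanel/logs/access_log”), reducing each matching entry to three columns: “time”, “IP” and “operation”. It selects every log line that contains the username anywhere in the line, so the summary can also include requests where the name only appears in a URL or inside a longer username.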
python generate_accesslog username;
Sample Output: