Log Diving: Older cPanel

/home/*/logs/ (Old, before daily log rollover)

Log files with the most requests in a provided window

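# Count the log lines that fall inside a time window in every rotated (*.gz)
# log under /home/*/logs/, and list the files busiest first. Files with a
# count of 0 are dropped by the final grep.
#
# The two timestamps are used as awk regexes. A line matching the start
# pattern turns printing on but is not printed itself; a line matching the
# end pattern turns printing off. Enter them as they appear in the log,
# e.g. 01/Jan/2019:00:00.
#
# NOTE(review): the patterns are matched against the whole line, so a
# timestamp-like string inside a request URL or User-Agent would also toggle
# the window. Confirm the log format before relying on exact counts.
(
  echo
  read -r -p "Start time (01/Jan/2019:00:00): " stime
  read -r -p "End time (01/Jan/2019:00:00): " etime
  if [[ -z "$stime" || -z "$etime" ]]; then
    echo "start and end time are required" >&2
    exit 1
  fi
  # These directories sit under each account's home, so file names are not
  # trusted input: read them NUL-delimited and quote every use so whitespace,
  # glob characters, or a leading '-' in a name cannot change the command.
  while IFS= read -r -d '' x; do
    n=$(awk -v s="$stime" -v e="$etime" '$0 ~ s{found=1;next} $0 ~ e{found=0}found' <(gzip -dc -- "$x") | wc -l)
    printf '%s \t%s\n' "$n" "$x"
  done < <(find /home/*/logs/ -type f -name "*.gz" -print0)
) | sort -nr | grep -v '^0 '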

Requests per client IP for one cPanel user in a provided window

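# For one cPanel user, print a per-client-IP hit count (highest first) for
# every rotated (*.gz) log that contains the start timestamp.
#
# The two timestamps are used as regexes. A line matching the start pattern
# turns printing on but is not printed itself; a line matching the end
# pattern turns printing off. Enter them as they appear in the log,
# e.g. 01/Jan/2019:00:00. The client IP is taken to be the first
# whitespace-separated field of each line.
(
  echo
  read -r -p "Cpanel user: " user
  read -r -p "Start time (01/Jan/2019:00:00): " stime
  read -r -p "End time (01/Jan/2019:00:00): " etime
  # The user name becomes part of a path: refuse empty values and anything
  # containing '/', so the search cannot leave /home/<user>/logs/.
  if [[ -z "$user" || "$user" == */* ]]; then
    echo "invalid cPanel user name" >&2
    exit 1
  fi
  if [[ -z "$stime" || -z "$etime" ]]; then
    echo "start and end time are required" >&2
    exit 1
  fi
  # The log directory sits under the account's home, so file names are not
  # trusted input: read them NUL-delimited and quote every use.
  while IFS= read -r -d '' x; do
    # Skip archives that never mention the start timestamp.
    if grep -q -- "$stime" <(gzip -dc -- "$x"); then
      printf '\n\n%s\n\n' "$x"
      awk -v s="$stime" -v e="$etime" '$0 ~ s{found=1;next} $0 ~ e{found=0}found' <(gzip -dc -- "$x") \
        | awk '{print $1}' \
        | sort \
        | uniq -c \
        | sort -nr
    fi
  done < <(find "/home/$user/logs/" -type f -name "*.gz" -print0)
)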

POST requests in a provided window

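# For one cPanel user, list the POST request lines seen inside a time window,
# with a count per distinct request (highest first), for every rotated (*.gz)
# log that contains the start timestamp.
#
# The two timestamps are used as regexes. A line matching the start pattern
# turns printing on but is not printed itself; a line matching the end
# pattern turns printing off. Enter them as they appear in the log,
# e.g. 01/Jan/2019:00:00.
(
  echo
  read -r -p "Cpanel user: " user
  read -r -p "Start time (01/Jan/2019:00:00): " stime
  read -r -p "End time (01/Jan/2019:00:00): " etime
  # The user name becomes part of a path: refuse empty values and anything
  # containing '/', so the search cannot leave /home/<user>/logs/.
  if [[ -z "$user" || "$user" == */* ]]; then
    echo "invalid cPanel user name" >&2
    exit 1
  fi
  if [[ -z "$stime" || -z "$etime" ]]; then
    echo "start and end time are required" >&2
    exit 1
  fi
  # The log directory sits under the account's home, so file names are not
  # trusted input: read them NUL-delimited and quote every use.
  while IFS= read -r -d '' x; do
    # Skip archives that never mention the start timestamp.
    if grep -q -- "$stime" <(gzip -dc -- "$x"); then
      printf '\n\n%s\n\n' "$x"
      # Test the method on the request line itself (the first double-quoted
      # field) rather than grepping the whole line, so "POST" appearing in a
      # URL, referrer or User-Agent of another request is not counted.
      awk -v s="$stime" -v e="$etime" '$0 ~ s{found=1;next} $0 ~ e{found=0}found' <(gzip -dc -- "$x") \
        | awk -F'"' '$2 ~ /^POST /{print $2}' \
        | sort \
        | uniq -c \
        | sort -nr
    fi
  done < <(find "/home/$user/logs/" -type f -name "*.gz" -print0)
)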

Requests from one IP, per log file, in a provided window

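 # Count, per rotated (*.gz) log under /home/*/logs/, the lines inside a time
 # window that mention a given IP address, and list the files busiest first.
 # Files with a count of 0 are dropped by the final grep.
 #
 # The two timestamps are used as awk regexes. A line matching the start
 # pattern turns printing on but is not printed itself; a line matching the
 # end pattern turns printing off. Enter them as they appear in the log,
 # e.g. 01/Jan/2019:00:00.
 (
   echo
   read -r -p "What is the IP? " IP
   read -r -p "Start time (01/Jan/2019:00:00): " stime
   read -r -p "End time (01/Jan/2019:00:00): " etime
   if [[ -z "$IP" || -z "$stime" || -z "$etime" ]]; then
     echo "IP, start time and end time are required" >&2
     exit 1
   fi
   # These directories sit under each account's home, so file names are not
   # trusted input: read them NUL-delimited and quote every use.
   while IFS= read -r -d '' x; do
     # -F treats the address as a literal string (an unescaped '.' would match
     # any character) and -w requires a whole-word match, so 1.2.3.4 does not
     # also count 1.2.3.40 or 11.2.3.4. The address may still appear anywhere
     # on the line, not only in the client field.
     n=$(awk -v s="$stime" -v e="$etime" '$0 ~ s{found=1;next} $0 ~ e{found=0}found' <(gzip -dc -- "$x") | grep -cFw -- "$IP")
     printf '%s \t%s\n' "$n" "$x"
   done < <(find /home/*/logs/ -type f -name "*.gz" -print0)
 ) | sort -nr | grep -v '^0 '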