Log Diving Today Cpanel

/home/*/access-logs/ (New, After daily log rollover)

Most requests in a provided window

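# Count requests per access log inside a time window, busiest log first.
# Assumes Apache common/combined log format, where whitespace field 4 is the
# "[dd/Mon/yyyy:hh:mm:ss" timestamp -- confirm against the server's LogFormat.
# Counting starts at the first line whose timestamp contains the start value
# and stops at the first one containing the end value; lines containing either
# value are themselves not counted, and a log with no line carrying the start
# value reports 0 and is filtered out.
(
  echo
  read -r -p "Start time (01/Jan/2019:00:00): " stime
  read -r -p "End time (01/Jan/2019:00:00): " etime
  if [[ -z "$stime" || -z "$etime" ]]; then
    echo "Start and end time are both required." >&2
    exit 1
  fi
  # Keep the trailing slash on the start path: find then descends even where
  # access-logs is a symlink. -print0 keeps odd file names intact.
  find /home/*/access-logs/ -type f -print0 |
    while IFS= read -r -d '' logfile; do
      # Match the window markers against the timestamp field only. The URL,
      # referrer and user agent are client-supplied, so a whole-line match
      # would let request content open or close the window.
      hits=$(awk -v s="$stime" -v e="$etime" '
        index($4, s) { found = 1; next }
        index($4, e) { found = 0 }
        found        { n++ }
        END          { print n + 0 }
      ' "$logfile")
      printf '%s \t%s\n' "$hits" "$logfile"
    done
) | sort -nr | grep -v '^0 '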

Requests per client IP, for one cPanel user, in a provided window

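# For one cPanel user, list request counts per client address inside a time
# window, one section per access log that contains the start value.
# Assumes Apache common/combined log format: field 1 is the client address and
# field 4 the "[dd/Mon/yyyy:hh:mm:ss" timestamp -- confirm against LogFormat.
# Lines whose timestamp contains the start or end value are not counted.
(
  echo
  read -r -p "Cpanel user: " user
  read -r -p "Start time (01/Jan/2019:00:00): " stime
  read -r -p "End time (01/Jan/2019:00:00): " etime
  if [[ -z "$user" || -z "$stime" || -z "$etime" ]]; then
    echo "User, start time and end time are all required." >&2
    exit 1
  fi
  # Trailing slash kept so find descends even where access-logs is a symlink.
  find "/home/${user}/access-logs/" -type f -print0 |
    while IFS= read -r -d '' logfile; do
      # Cheap pre-filter: skip logs that never mention the start value.
      # -F and -- stop the typed value being read as a regex or an option.
      grep -qF -- "$stime" "$logfile" || continue
      printf '\n\n%s\n\n' "$logfile"
      # Window markers are tested on the timestamp field only; the request
      # line, referrer and user agent are client-supplied and must not be
      # able to open or close the window.
      awk -v s="$stime" -v e="$etime" '
        index($4, s) { found = 1; next }
        index($4, e) { found = 0 }
        found        { print $1 }
      ' "$logfile" | sort | uniq -c | sort -nr
    done
)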

POST requests in a provided window

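# For one cPanel user, list POST request lines and how often each occurred
# inside a time window, one section per access log that contains the start
# value.
# Assumes Apache common/combined log format: field 4 is the
# "[dd/Mon/yyyy:hh:mm:ss" timestamp and the first double-quoted string is the
# request line -- confirm against LogFormat.
# Lines whose timestamp contains the start or end value are not counted.
(
  echo
  read -r -p "Cpanel user: " user
  read -r -p "Start time (01/Jan/2019:00:00): " stime
  read -r -p "End time (01/Jan/2019:00:00): " etime
  if [[ -z "$user" || -z "$stime" || -z "$etime" ]]; then
    echo "User, start time and end time are all required." >&2
    exit 1
  fi
  # Trailing slash kept so find descends even where access-logs is a symlink.
  find "/home/${user}/access-logs/" -type f -print0 |
    while IFS= read -r -d '' logfile; do
      # Cheap pre-filter: skip logs that never mention the start value.
      grep -qF -- "$stime" "$logfile" || continue
      printf '\n\n%s\n\n' "$logfile"
      # The method is tested at the start of the request line, not anywhere in
      # the record: "POST" inside a URL, referrer or user agent would otherwise
      # count GET traffic as POSTs. Window markers are tested on the timestamp
      # field for the same reason.
      awk -v s="$stime" -v e="$etime" '
        index($4, s) { found = 1; next }
        index($4, e) { found = 0 }
        found {
          split($0, part, "\"")
          if (part[2] ~ /^POST /) print part[2]
        }
      ' "$logfile" | sort | uniq -c | sort -nr
    done
)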

Requests from a single IP, per access log, in a provided window

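 # Count requests from one client address per access log inside a time window,
 # busiest log first.
 # Assumes Apache common/combined log format: field 1 is the client address and
 # field 4 the "[dd/Mon/yyyy:hh:mm:ss" timestamp -- confirm against LogFormat.
 # Lines whose timestamp contains the start or end value are not counted, and a
 # log with no line carrying the start value reports 0 and is filtered out.
 (
   echo
   read -r -p "What is the IP? " IP
   read -r -p "Start time (01/Jan/2019:00:00): " stime
   read -r -p "End time (01/Jan/2019:00:00): " etime
   if [[ -z "$IP" || -z "$stime" || -z "$etime" ]]; then
     echo "IP, start time and end time are all required." >&2
     exit 1
   fi
   # Trailing slash kept so find descends even where access-logs is a symlink.
   find /home/*/access-logs/ -type f -print0 |
     while IFS= read -r -d '' logfile; do
       # Compare the address with the client field exactly. An unanchored regex
       # match on the whole line treats "." as a wildcard, matches longer
       # addresses that contain the value, and also hits the address when it
       # only appears in a URL or referrer.
       hits=$(awk -v ip="$IP" -v s="$stime" -v e="$etime" '
         index($4, s)      { found = 1; next }
         index($4, e)      { found = 0 }
         found && $1 == ip { n++ }
         END               { print n + 0 }
       ' "$logfile")
       printf '%s \t%s\n' "$hits" "$logfile"
     done
 ) | sort -nr | grep -v '^0 '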