Reading the Imunify logs
Hello,
Im trying to make a comand line here either with grep
grep domainname /var/log/imunify360/console.log
or using something like
imunify360-agent get
but I cant get around it.
Thing is data in the /var/log/imunify360/console.log file is not really user friendly and I'd like to extract there something usefull in case I need to present it to a client.
Imunify docs says that is possible with --json or --verbose options but I cant make it work.
Please help.
-
Hey there! I tested the following command on a test machine and got good results: # imunify360-agent get --since 7 TIMESTAMP ABUSER COUNTRY TIMES NAME SEVERITY 1626106938 x.x.x.x SG 1 IM360 WAF: WordPress Bruteforce RBL block 4 1626106877 x.x.x.x US 1 IM360 WAF: WordPress Bruteforce RBL block 4 1626106854 x.x.x.x IN 1 IM360 WAF: WordPress Bruteforce RBL block 4 1626106812 x.x.x.x MY 1 IM360 WAF: WordPress Bruteforce RBL block 4 1626106625 x.x.x.x SG 1 IM360 WAF: WordPress Bruteforce RBL block 4 1626106606 x.x.x.x UA 1 IM360 WAF: WordPress Bruteforce RBL block 4 1626106604 x.x.x.x AR 1 IM360 WAF: Block spam in PrestaShop 2 1626106592 x.x.x.x SG 1 IM360 WAF: WordPress Bruteforce RBL block
so I would also expect that to work well on your machine. Do you not receive any output when you try a similar command?0 -
Running the same command got me the following result: # imunify360-agent get --since 7 usage: imunify360-agent [-h] [--log-config LOG_CONFIG] [--console-log-level {ERROR,WARNING,INFO,DEBUG}] [--remote-addr REMOTE_ADDR] {3rdparty,add-sudouser,advisor,check-domains,checkdb,config,delete-sudouser,disable-plugin,doctor,enable-plugin,eula,feature-management,get-news,hook,infected-domains,login,malware,notifications-config,register,rstatus,submit,support,unregister,update,update-license,version} ... imunify360-agent: error: invalid choice: 'get' (choose from '3rdparty', 'add-sudouser', 'advisor', 'check-domains', 'checkdb', 'config', 'delete-sudouser', 'disable-plugin', 'doctor', 'enable-plugin', 'eula', 'feature-management', 'get-news', 'hook', 'infected-domains', 'login', 'malware', 'notifications-config', 'register', 'rstatus', 'submit', 'support', 'unregister', 'update', 'update-license', 'version')
I dont think the command above helps me. What I'm trying to do here is to get a user friendly report from /var/log/imunify360/console.log after I ran Imunify on a cPanel account from WHM.0 -
Thanks for that. Can you run the following commands on the system and send me the output? imunify360-agent --version cat /etc/redhat-release0 -
Here it is: imunify360-agent --version usage: imunify360-agent [-h] [--log-config LOG_CONFIG] [--console-log-level {ERROR,WARNING,INFO,DEBUG}] [--remote-addr REMOTE_ADDR] {3rdparty,add-sudouser,advisor,check-domains,checkdb,config,delete-sudouser,disable-plugin,doctor,enable-plugin,eula,feature-management,get-news,hook,infected-domains,login,malware,notifications-config,register,rstatus,submit,support,unregister,update,update-license,version} ... imunify360-agent: error: unrecognized arguments: --version
cat /etc/redhat-release CloudLinux release 7.9 (Boris Yegorov)0 -
Thanks for that - I may have mis-typed and you actually don't need the "--" before "version" but it still seems like there is something odd going on with that system. It might be best to create a ticket with our team so we can examine this directly on the server. 0 -
Here it is: imunify360-agent version 5.7.4-40 -
I do see that 5.8 has been released, so you may want to try updating the software to see if that helps. If not, I'd still recommend submitting a ticket to our team. 0 -
Im not sure this is a software version problem more like use of good command. I'll dig some more before opening a tichet. 0 -
Here are some commands I've found usefull to generate some sort of reports: imunify360-agent malware malicious list imunify360-agent malware malicious list --by-scan-id ddd9725d1e914dc9ac0a4e129d90931d imunify360-agent malware malicious list --user USERNAME --limit 1000 --since $(( $(date +%s) - 24*3600 ))0
Please sign in to leave a comment.
Comments
9 comments