<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: iraj zahedi</title>
    <description>The latest articles on DEV Community by iraj zahedi (@irajzahedi).</description>
    <link>https://dev.to/irajzahedi</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3536675%2F20fc05a2-5d38-454f-81b6-a302a33f7baa.jpg</url>
      <title>DEV Community: iraj zahedi</title>
      <link>https://dev.to/irajzahedi</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/irajzahedi"/>
    <language>en</language>
    <item>
      <title>server log analyzer tools</title>
      <dc:creator>iraj zahedi</dc:creator>
      <pubDate>Mon, 29 Sep 2025 08:01:29 +0000</pubDate>
      <link>https://dev.to/irajzahedi/server-log-analyzer-tools-2k4j</link>
      <guid>https://dev.to/irajzahedi/server-log-analyzer-tools-2k4j</guid>
      <description>&lt;p&gt;A powerful, lightweight, single-file PHP script for real-time analysis of Linux server logs. This tool helps you quickly identify attacks, system errors, and security events through an interactive, graphical dashboard.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://blueserver.ir/blueserver-php-log-analyzer" rel="noopener noreferrer"&gt;server-log-analyzer-tools&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This analyzer works without a database, Composer, or any external dependencies, making it ideal for server administrators, web developers, and security specialists.&lt;/p&gt;

&lt;p&gt;✨ Key Features&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Interactive &amp;amp; Smart Dashboard
&lt;ul&gt;
&lt;li&gt;Tab-based Interface: Cleanly separates reports into "Live Events," "Statistics," and "Top Attackers."&lt;/li&gt;
&lt;li&gt;Powerful Global Search: Instantly search for any term (like an IP address or error message) across all configured log files.&lt;/li&gt;
&lt;li&gt;Graphical Charts (Google Charts): Visualize your data, including a geo-map of attack origins, an event timeline for the last 24 hours, and a breakdown of event types.&lt;/li&gt;
&lt;li&gt;Smart, Clickable Links: Click directly on an attacker's IP to view a comprehensive list of all their logged activities.&lt;/li&gt;
&lt;li&gt;Advanced Filtering: Easily toggle the visibility of specific log types to focus on what matters.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;Comprehensive Security Analysis
&lt;ul&gt;
&lt;li&gt;Web Server (Apache): Detects access errors, SSL negotiation issues, and PHP-FPM-related faults.&lt;/li&gt;
&lt;li&gt;Web Application Firewall (ModSecurity): Displays attacks that have been identified and blocked by the WAF.&lt;/li&gt;
&lt;li&gt;Services (SSH, Email): Identifies Brute-Force attacks against SSH and email servers (Dovecot/Exim).&lt;/li&gt;
&lt;li&gt;Security Software (Fail2ban): Monitors Fail2ban's performance, showing banned/unbanned IPs and any operational errors.&lt;/li&gt;
&lt;li&gt;Web Attacks: Detects common attack attempts like SQL Injection, XSS, Path Traversal, and Command Injection.&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;li&gt;System Health Monitoring
&lt;ul&gt;
&lt;li&gt;Critical Kernel Errors: Identifies Kernel Panics and hardware I/O errors that may indicate serious server issues.&lt;/li&gt;
&lt;li&gt;Resource Management: Detects out-of-memory problems (OOM Killer) and processes that were forcibly terminated.&lt;/li&gt;
&lt;li&gt;System Events: Logs server reboots and the use of privileged commands (Sudo).&lt;/li&gt;
&lt;/ul&gt;
&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;🚀 Installation &amp;amp; Setup&lt;/p&gt;

&lt;p&gt;Setup is incredibly simple. Just upload and configure a single file.&lt;/p&gt;

&lt;p&gt;Prerequisites&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;A Linux server (VPS or Dedicated).&lt;/li&gt;
&lt;li&gt;PHP version 7.0 or higher.&lt;/li&gt;
&lt;li&gt;SSH access to the server.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Installation Steps&lt;/p&gt;

&lt;p&gt;Upload the Script: Upload the log_analyzer.php file to your desired path on the server (e.g., within a subdomain like analyzer.yourdomain.com).&lt;/p&gt;

&lt;p&gt;Configure Log Paths: Open the script and, in the configuration section, edit the $logFiles array to match your server's operating system. Uncomment the lines corresponding to the logs that exist on your server:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;$logFiles = [
    // Example for a CentOS/RHEL server with Apache
    '/var/log/httpd/access_log',
    '/var/log/httpd/error_log',
    '/var/log/secure',
    '/var/log/messages',
    '/var/log/maillog',
    '/var/log/fail2ban.log',

    // Example for a Debian/Ubuntu server with Apache
    // '/var/log/apache2/access.log',
    // '/var/log/apache2/error.log',
    // '/var/log/auth.log',
    // '/var/log/syslog',
];
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;Set Permissions (Crucial Step): Your web server user (typically apache on CentOS or www-data on Ubuntu) needs permission to read these files. Run the following commands via SSH:&lt;/p&gt;

&lt;p&gt;Note: If setfacl is not installed, use sudo yum install acl or sudo apt-get install acl.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;# Example for CentOS/RHEL (apache user)
sudo setfacl -m u:apache:r /var/log/messages /var/log/secure /var/log/maillog /var/log/fail2ban.log

# Example for Debian/Ubuntu (www-data user)
sudo setfacl -m u:www-data:r /var/log/syslog /var/log/auth.log /var/log/mail.log /var/log/fail2ban.log
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;🔒 Secure the Script (Very Important!): This script displays sensitive information. You must restrict access to it with a password.&lt;/p&gt;

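&lt;p&gt;Create a .htaccess file in the same directory as your script and add the following content (adjust the path to your password file):&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/your/.htpasswd
Require valid-user
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;Use the htpasswd command to create a password file (replace your_username with a username of your choice). Keep the password file outside the web root and serve the page over HTTPS, because Basic authentication sends the credentials Base64-encoded, not encrypted:&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;htpasswd -c /path/to/your/.htpasswd your_username
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

&lt;p&gt;View the Report: Open the PHP file in your browser and log in with the username and password you just created.&lt;/p&gt;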

</description>
      <category>tooling</category>
      <category>security</category>
      <category>php</category>
      <category>linux</category>
    </item>
    <item>
      <title>How to Automatically Detect Unauthorized File Changes in WordPress</title>
      <dc:creator>iraj zahedi</dc:creator>
      <pubDate>Mon, 29 Sep 2025 07:56:14 +0000</pubDate>
      <link>https://dev.to/irajzahedi/how-to-automatically-detect-unauthorized-file-changes-in-wordpress-1a5l</link>
      <guid>https://dev.to/irajzahedi/how-to-automatically-detect-unauthorized-file-changes-in-wordpress-1a5l</guid>
      <description>&lt;p&gt;I'd like to propose a how-to guide focused on a critical aspect of WordPress security: file integrity monitoring. The article will explain why it's important, the common pitfalls of manual checks, and provide a practical, automated solution using a lightweight, open-source tool.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Introduction: The Silent Threat to Your Website&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Briefly explain the problem: Hackers and malware often work by silently modifying core files, theme files, or plugin files to inject backdoors, SEO spam, or redirect users.&lt;/p&gt;

&lt;p&gt;Emphasize that many site owners don't realize they've been compromised until it's too late.&lt;/p&gt;

&lt;p&gt;State the goal of the article: To show how to set up an automated "early warning system" that alerts you the moment a file is changed.&lt;/p&gt;

&lt;ol start="2"&gt;
&lt;li&gt;Why File Integrity Monitoring is Essential&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Explain that it's a fundamental security practice, acting like a motion detector for your server.&lt;/p&gt;

&lt;p&gt;Quickly mention what types of changes are suspicious (e.g., a modified wp-config.php, a new .php file in wp-content/uploads, or changes to an inactive theme).&lt;/p&gt;

&lt;p&gt;Contrast this with other security measures like firewalls (which prevent entry) vs. monitoring (which detects if entry has already happened).&lt;/p&gt;

&lt;ol start="3"&gt;
&lt;li&gt;The Challenge with Manual Checks&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Explain why manually checking files via FTP or File Manager is impractical.&lt;/p&gt;

&lt;p&gt;It's time-consuming, error-prone, and most importantly, it's not real-time. You might only check once a week, which gives an attacker plenty of time.&lt;/p&gt;

&lt;ol start="4"&gt;
&lt;li&gt;Automating the Process: A Practical Solution&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Introduce the concept of using an automated tool that runs on a schedule (e.g., via WP-Cron).&lt;/p&gt;

&lt;p&gt;Explain the core logic: The tool should scan the WordPress directory and identify files that have a "last modified" timestamp newer than the last scan.&lt;/p&gt;

&lt;p&gt;The crucial next step: Notification. Finding the change is only half the battle; you need to be told about it immediately.&lt;/p&gt;

&lt;ol start="5"&gt;
&lt;li&gt;Implementing a Real-Time Alert System with Telegram&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Explain why Telegram is a great channel for these alerts (it's free, fast, mobile-first, and has a simple Bot API).&lt;/p&gt;

&lt;p&gt;Introduce the open-source plugin as a ready-made solution that implements this exact logic: File Change Scanner with Telegram Notification.&lt;/p&gt;

&lt;p&gt;Mention that it's a lightweight, focused tool, available here: &lt;a href="https://blueserver.ir/blueserver-file-change-scanner-telegram-notifi-wp-plugin" rel="noopener noreferrer"&gt;WordPress File Change Scanner plugin&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Provide a step-by-step guide on how to set it up. This section will be the core "how-to" part of the article:&lt;/p&gt;

&lt;p&gt;Installation: How to install the plugin from the zip file.&lt;/p&gt;

&lt;p&gt;Getting Telegram Credentials (The Easy Way):&lt;/p&gt;

&lt;p&gt;Creating a bot with @BotFather to get the Bot Token.&lt;/p&gt;

&lt;p&gt;Finding your Chat ID using a helper bot like @userinfobot.&lt;/p&gt;

&lt;p&gt;Configuration: Showing where to paste these credentials in the plugin settings and how to use the "Send Test Message" button to verify it works.&lt;/p&gt;

&lt;p&gt;Scheduling: Setting the scan frequency (Hourly, Twice Daily, or Daily).&lt;/p&gt;

&lt;ol start="6"&gt;
&lt;li&gt;What to Do When You Get an Alert&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Provide brief, actionable advice for the reader.&lt;/p&gt;

&lt;p&gt;Don't panic.&lt;/p&gt;

&lt;p&gt;Check the filename and path in the alert.&lt;/p&gt;

&lt;p&gt;Did you or another admin recently update a plugin or theme? If so, the change is likely legitimate.&lt;/p&gt;

&lt;p&gt;If the change was unexpected, investigate immediately. Check the file contents, revert it from a clean backup, and consider further security scans.&lt;/p&gt;

&lt;ol start="7"&gt;
&lt;li&gt;Conclusion&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Summarize the main point: Proactive monitoring is far better than reactive cleanup.&lt;/p&gt;

&lt;p&gt;Reiterate that setting up a simple, automated system like this provides immense peace of mind for any WordPress site administrator.&lt;/p&gt;

</description>
      <category>wordpress</category>
      <category>monitoring</category>
      <category>security</category>
      <category>automation</category>
    </item>
  </channel>
</rss>
