Understand logs

  • Log file description, line by line.


  • AIPA creates the folder /var/log/$version, where $version is the AIPA version, e.g. AIPA_0.9.4.
    Log files are rotated by year and month:

    /var/log/AIPA_0.9.4/201605_AIPAlogInfo.log
    /var/log/AIPA_0.9.4/201605_AIPAlogWarn.log

    Files older than the current month can be archived with any third-party application.
    AIPA logs three types of activity (info, warning, error) in three files in the log directory. The info file logs all types of activity. The warning file logs only warnings and errors. The error file logs only errors.

     

    • On the first run you will probably see this. It is OK to see it only once.
      2016-05-09 13:29:09 INFO: Log directory /var/log/AIPA_0.9.4 successfully created.
      2016-05-09 13:29:09 ERRO: Could NOT adjust abuseip.db.
      2016-05-09 13:29:09 ERRO: First run... huh? Database abuseip.db created.
      However, if you see ERRO during standard processing, this could be a critical filesystem error, not inappropriate permissions. Stop AIPA immediately and check the issue.
       
    • LazyUpdater cleans old records from the local database (set in 2settings.ini.php).
      Remember that AIPA runs on a simply implemented database engine.
      AIPA loads the database "in memory".

      2016-05-09 13:29:09 INFO: LazyUpdater purged IPs [362] older or equal: 20160512.
          [] INFO: LazyUpdater has nothing to purge.
      When all records are up to date, LazyUpdater does NOT purge anything. This message is OK.
       
    • LazyUpdater periodically performs a check against openbl.org. The value in brackets [] is the count of blocked IPs.
      2016-05-09 13:29:09 INFO: dbaipa/openbl.db successfully loaded [5229].

       
    • This message MUST be logged for AIPA to run correctly.
      If you see ERRO instead, there is an issue with netstat or with filesystem read/write permissions.

      2016-05-09 13:29:09 INFO: statcache.db successfully opened.

       
    • Adjusting is nothing more than updating the connection count for an IP.
      AIPA stores the rate from the abuse service in the database.
      The connection count is a real-time value that depends on your server's efficiency and the connections to your server.
      Because this value is real-time and depends on the "moment", AIPA stores the maximum captured value.

      2016-05-09 13:29:09 INFO: abuseip.db adjusted [0].
      adjusted[0] - means that at this "moment" no IP had a connection count greater than the one stored in the database.
      adjusted[1] - means that one IP's connection count was updated.

       
    • Database is in local memory to operate faster.
      2016-05-09 13:29:09 INFO: abuseip.db successfully loaded.

       
    • Shows how many IPs are currently banned. This value depends on the settings in config.ini.php, not on database records.
      It's important to set config.ini.php values only before the first execution. If you wish to run AIPA with new settings, please delete the database.

      2016-05-09 13:29:09 INFO: Banned IPs count: 99. Scanning netstat result...

       
    • Standard messages.
      [AbuseIPdb.com] - means that the IP has been checked directly through AbuseIPdb.com
      [   LocalDB   ] - means that this IP address was previously checked and stored in the local database.
      RBL Rate:+4 means additional scoring from Blocklist.de
      OpenBL Rate:+0 means no score on OpenBL
      Rate:13 is the score at AbuseIPdb.com
      Atom = (13+4+0)*9 + 3 = 156

      2016-05-09 15:38:03 INFO: [AbuseIPdb & RBL] Rate:13 ipConnections:3 RBL Rate:+4 "Infected System (Service: bruteforcelogin, Last-Attack: 1464769441),
      see http://www.blocklist.de/en/view.html?ip=62.210.152.90" OpenBL Rate:+0 Atom:156 IP:62.210.152.90
      2016-05-09 13:29:13 INFO: [AbuseIPdb.com] Rate:1 ipConnections:4 Atom:13 IP:91.192.165.114
      2016-05-09 13:29:13 INFO: [   LocalDB   ] Rate:1 ipConnections:16 Atom:25 IP:91.189.7.133

       
    • A connection problem with abuseipdb.com is reported like this.
      It can be an internet connection problem, or you have reached your abuseipdb.com account API limit.

      2016-05-09 13:29:13 WARN: [AbuseIPdb.com] Connection problem or You have reached API check limit.
      2016-05-09 13:29:13 INFO: [AbuseIPdb.com] Rate:0 ipConnections:2 Atom:2 IP:178.120.190.201
      2016-05-09 13:29:13 WARN: 178.120.190.201 not verified. LocalDB not updated. DB may be broken or temporary connection problem with abuseipdb.com
       
    • Here is the count of IPs that should be banned.
      2016-05-09 13:29:14 INFO: 1 IPs to add to banlist.
       
    • If there is something to ban, you will see it in the INFO log and also in the WARN log (check it).
      2016-05-09 13:29:14 WARN: Banned: 46.148.18.162.
      2016-05-09 13:29:14 INFO: /etc/apache2/conf.d/restrict.conf reloaded.
      2016-05-09 13:29:14 INFO: Apache gracefully restarted... exiting.
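
An added example (not part of AIPA or its documentation): a Python parser for the scoring lines shown under "Standard messages" that recomputes Atom and collects the WARN/ERRO lines for review. It assumes Atom = (Rate + RBL Rate + OpenBL Rate) * 9 + ipConnections, which is inferred from the worked value above and agrees with every sample line on this page; the function names are hypothetical.

```python
import re

MULTIPLIER = 9  # assumption: inferred from "(13+4+0)*9 + 3 = 156" on this page

HEAD = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (INFO|WARN|ERRO): '
                  r'\[([^\]]+)\] Rate:(\d+) ipConnections:(\d+)')
TAIL = re.compile(r' Atom:(\d+) IP:(\d{1,3}(?:\.\d{1,3}){3})\s*$')
RBL = re.compile(r' RBL Rate:\+(\d+)')
OPENBL = re.compile(r' OpenBL Rate:\+(\d+)')

def parse_score_line(line):
    """Return a dict for a scoring line, or None for any other log line."""
    head, tail = HEAD.match(line), TAIL.search(line)
    if not (head and tail):
        return None
    rbl, openbl = RBL.search(line), OPENBL.search(line)
    rec = {"time": head.group(1), "source": head.group(3).strip(),
           "rate": int(head.group(4)), "connections": int(head.group(5)),
           "rbl": int(rbl.group(1)) if rbl else 0,
           "openbl": int(openbl.group(1)) if openbl else 0,
           "atom": int(tail.group(1)), "ip": tail.group(2)}
    # Recompute Atom and flag lines where the logged value disagrees.
    expected = (rec["rate"] + rec["rbl"] + rec["openbl"]) * MULTIPLIER + rec["connections"]
    rec["atom_ok"] = expected == rec["atom"]
    return rec

def review(lines):
    """Return (scoring records, WARN/ERRO lines that need a look)."""
    scores, alerts = [], []
    for line in lines:
        rec = parse_score_line(line)
        if rec:
            scores.append(rec)
        elif re.search(r'^\S+ \S+ (WARN|ERRO): ', line):
            alerts.append(line)
    return scores, alerts

# Sample lines copied from this page (the wrapped first entry joined onto one line).
SAMPLE = [
    '2016-05-09 15:38:03 INFO: [AbuseIPdb & RBL] Rate:13 ipConnections:3 RBL Rate:+4 '
    '"Infected System (Service: bruteforcelogin, Last-Attack: 1464769441), '
    'see http://www.blocklist.de/en/view.html?ip=62.210.152.90" '
    'OpenBL Rate:+0 Atom:156 IP:62.210.152.90',
    '2016-05-09 13:29:13 INFO: [   LocalDB   ] Rate:1 ipConnections:16 Atom:25 IP:91.189.7.133',
    '2016-05-09 13:29:13 WARN: [AbuseIPdb.com] Connection problem or You have reached API check limit.',
    '2016-05-09 13:29:13 INFO: [AbuseIPdb.com] Rate:0 ipConnections:2 Atom:2 IP:178.120.190.201',
    '2016-05-09 13:29:14 WARN: Banned: 46.148.18.162.',
]
```

Calling review(SAMPLE) returns the parsed scoring records and the two WARN lines. A record with atom_ok set to False marks a line whose logged Atom does not match the recomputed value.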