#! /usr/bin/env bash # ABOUT THIS SCRIPT # -------------------------------------------------------------------- # This script finds recent entries in a user's error log files. script_name=errorbot script_version=0.8.1 script_date=20210720 script_license=GPLv3 script_url=https://gitlab.com/beepmode/errorbot script_url_raw=https://gitlab.com/beepmode/errorbot/-/raw/master/errorbot # Vim :set tabstop=2 shiftwidth=2 expandtab # VARIABLES # -------------------------------------------------------------------- # You can modify the default behaviour of this script by changing the # below variables. These variable can be overridden with arguments. # [$check_user_logs] # A true/false boolean to define if the script should check error logs # for a user. check_user_logs=true # [$user_log_name] # The basename of the local log file. Make sure to use quotes when # using globbing (*, ? etc.). user_log_name="*error?log" # [$user_log_path] # The path to the user's home directory. user_log_path=auto # [$list_user_logs] # A true false boolean that can be set to true if we just want to # list all the user's error log files and exit. list_user_logs=false # [$check_global_logs] # A true/false boolean to define if the script should check the # global error log. check_global_logs=true # [$global_logs] # An array with global log files. With PHP on cPanel servers there # may be multiple global logs. global_logs=( /var/log/apache2/error_log ) # [$check_php_fpm_logs] # A true/false boolean to define if the script should include global # PHP-FPM error logs. Any PHP-FPM logs are added to $global_logs check_php_fpm_logs=true # [$php_fpm_logs_path] # The path to the PHP_FPM error logs. php_fpm_logs_path=(/opt/cpanel/ea-php??/root/usr/var/log/php-fpm) # [$since] # A variable to limit the output to errors that occurred in the # last n minutes. since=30 # [$max_file_size] # The size in kilobytes that triggers the script to tail the last # $tail_length lines. This prevents the script from converting # timestamps on an insane number of lines. max_file_size=5120 # [$tail_length] # The number of lines that should be tailed when the $max_file_size # is exceeded. tail_length=200 # [$ts_formats] # Array containing different types of timestamps. Different log # files use different timestamp formats, and a single log may even # contain different timestamps. The script understands the following # timestamp formats: # # - ts_formats[a] [DD-MMM-YYYY HH:MM:SS TZ] user error logs, global litespeed error log) # - ts_formats[b] [DDD MMM DD HH:MM:SS.MS YYYY] global apache error log (apache, modsec) # - ts_formats[c] YYYY-MM-DD HH:MM:SS.MS global log (litespeed) # # Note that each format needs some custom awk magic to convert the # timestamps to unix times. If you add an item to the array then you # also need to add a function that converts the timestamps. declare -A ts_formats ts_formats=( [a]='^\[[[:digit:]]{2}-[[:alpha:]]{3}-[[:digit:]]{4}[[:space:]][[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}.*' [b]='^\[[[:alpha:]]{3}[[:space:]][[:alpha:]]{3}[[:space:]]{1,2}[[:digit:]]{1,2}[[:space:]][[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}\.?[[:digit:]]{0,6}[[:space:]][[:digit:]]{4}.*' [c]='^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}[[:space:]]{1}[[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}\.?[[:digit:]]{0,6}.*' ) # [$tmp_dir] # The directory for temporary files. tmp_dir=/tmp/errorbot # [$ts_prefix] and [$tmp_file] # A prefix and name for temporary files. Note that more files are # created by the convert_ts functions: # - ts_convert_a $tmp_dir/$tmp_file.a # - ts_convert_b $tmp_dir/$tmp_file.b # - ts_convert_c $tmp_dir/$tmp_file.c # # In addition, there is a file that concatenates the three files: # - $tmp_dir/$tmp_file.all ts_prefix=$(date +"%Y%m%d%H%M%S") tmp_file=$tmp_dir/$ts_prefix # FUNCTIONS # -------------------------------------------------------------------- # Function for printing help information. print_help() { cat <<-USAGE SYNOPSIS errorbot [options] domain|user OPTIONS errorbot understands the below options. Note that all the variables have a default value. Run 'errorbot --vardump' to list the values. --check-user-logs=[true|false] Whether or not the script should check error logs for the user. --user-log-path=[auto|path] The path to the directory where the user's error logs live. --user-log-name=[name] The name of the user's error log (i.e. "error_log"). --check-global-logs=[true|false] Whether or not the script should check global error logs. --global-logs=[array] An array with global error log files. --since=[minutes] Look for errors in the last x minutes. --max-file-size=[kb] Tail log file if the file's size is greater than [kb]. --tail-length=[number] Tail [number] of lines (only relevant if max-file-size is defined). --list-logs List local log files and exit. --tmp-dir=[path] The path to the temporary directory. --version Print version information. DOMAIN|USER To retrieve errors for a specific user you need to specify the user name as the last argument. On cPanel servers the user name can be either the user name or the domain name. It's best to enter a domain name as (on cPanel servers) the user can be deducted from the domain name. The opposite is not (yet) supported. USAGE exit 0 } # Function to print version info. print_version() { if [ -n "$script_name" ] && [ -n "$script_version" ] && [ -n "$script_date" ]; then printf '%s\n' "$script_name (version $script_version, $script_date)" else printf '%s\n' "No version information available." exit 1 fi if [ -n "$script_url" ] && [ -n "$script_url_raw" ]; then printf '%s\n' "URL: $script_url" printf '%s\n' "Raw: $script_url_raw" fi if [ -n "$script_license" ]; then printf '%s\n' "Licence: $script_license" fi exit 0 } # Function to dump variables. print_vars() { printf '%s\n' "\$check_user_logs: $check_user_logs" printf '%s\n' "\$user_log_path: $user_log_path" printf '%s\n' "\$user_log_name: $user_log_name" # $global_logs is an array with long file names counter=1 for file in "${global_logs[@]}"; do if [ "$counter" -eq 1 ]; then printf '%s\n' "\$global_logs: $file" counter=$((counter + 1)) else printf '%s\n' " $file" fi done printf '%s\n' "\$since: $since" printf '%s\n' "\$max_file_size: $max_file_size" printf '%s\n' "\$list_user_logs: $list_user_logs" exit 0 } # Function to list log files. list_user_logs() { if [ -z "$user_home" ] || [ -z "$user_log_name" ]; then printf '%s\n' "***Error: unable to list logs:" printf '%s\n' " - user directory: $user_home" printf '%s\n' " - Log: $user_log_name" "" exit 1 else find "$user_home"/ \ -type f \ -name "$user_log_name" \ -printf "%TY-%Tm-%Td %TH:%TM\t%k\t%p\n" \ | sort -r exit 0 fi } # Function to validate tmp_dir. We'll create the directory if it # doesn't exist. validate_tmp_dir() { if [ -z "$tmp_dir" ]; then printf '%s\n' "***Error: no temporary directory defined.***" print_help elif [ ! -d "$tmp_dir" ]; then mkdir -p "$tmp_dir" fi } # Function to remove temporary files. remove_tmp_files() { rm -f $tmp_dir/* } # Function to check if the server uses cPanel, Plesk or something # else. check_server_type() { if [ -s /usr/local/cpanel/version ]; then server_type=cpanel elif [ -s /etc/plesk-release ]; then server_type=plesk else server_type=unknown fi } # Function to validate $user. This may be either a user or domain # name. Either way we'll try to get both the domain name and the # user (as it appears in /etc/passwd). validate_user() { # Check if $user is set if [ -n "$user" ]; then # Check if it looks like a username. if ! [[ $user =~ ^[-0-9a-z.]+$ ]]; then printf '%s\n' "***Error: invalid user name ($user)" "" print_help fi # Check if it looks like a domain name. if [[ $user == *"."* ]]; then domain=$user else domain=false fi else printf '%s\n' "***Error: no user specified" print_help fi # How to the user for a domain name and vice versa depends on # whether this is a cPanel or Plesk server. On cPanel servers # we can easily get the user for a domain name. However, the # reverse only works if the user only has a single domain. if [ "$server_type" = cpanel ]; then # If we got a domain then we use /scripts/whoowns to get the # user. if [ "$domain" != false ]; then user=$(/scripts/whoowns $domain) if ! grep --quiet ^"$user": /etc/passwd; then printf '%s\n' "***Error: user ($user) doesn't exist.***" exit 1 fi else # If we have a user but not a domain then we can check the # domains owned by the user. If the user has a single domain # then we've found the domain. domain_count=$(grep -c "$user" /etc/userdomains) if [ "$domain_count" -eq 0 ]; then printf '%s\n' "***Error: the user $user doesn't seem to own any domains." exit 1 elif [ "$domain_count" -eq 1 ]; then domain=$(awk -F': ' -v user="$user" '$2 == user { print $1 }' /etc/userdomains) else # If there's more than one domain then we can list the domains # and warn the user that it's best to use a domain name as the # argument. domain_array=() mapfile -t domain_array < <(awk -F': ' -v user="$user" '$2 == user { print $1 }' /etc/userdomains) printf '%s\n' " * Warning: the user $user has more than one domain:" for dom in "${domain_array[@]}"; do printf '%s\n' " * - $dom" done printf '%s\n' " *" printf '%s\n' " * No domain will be used when looking for log entries, so some " printf '%s\n' " * relevant entries may be missed. Please consider running the " printf '%s\n\n' " * with a domain name rather than a user name." print_no_domain_name_warning=true fi fi elif [ "$server_type" = plesk ]; then # On Plesk, the username may or may not be the domain name. # If we got a domain name then we "awk" /etc/passwd for the # home directory and assign $1 to $user. if [ "$domain" != false ]; then check_home_dir=$user_log_path/$domain if ! user=$(awk -F':' -v path="$check_home_dir" '$6 == path { print $1 }' /etc/passwd); then printf '%s\n' "***Error: unable to find user for domain $domain***" exit 1 fi else # We got a username rather than a domain name. In that case # we can check if the user exists in /etc/passwd and, if so, # get the domain from the home directory field ($6). if ! grep --quiet ^"$user": /etc/passwd; then printf '%s\n' "***Error: user ($user) doesn't exist.***" exit 1 else home_dir_field=$(awk -F':' -v user="$user" '$1 == user { print $6 }' /etc/passwd) if [ -n "$home_dir_field" ]; then domain=$(echo "$home_dir_field" | awk -F'/' '{ print $NF }') else printf '%s\n' "***Error: unable to get domain for user $user" fi fi fi fi # Set $user_validated to true. We're using this to avoid this # function is called a second time (i.e. when we're checking # local and global logs). user_validated=true } # Function to validate $user_log_path. By default this is set to # 'auto'. In that case we're checking if this is a cPanel or Plesk # server and, if so, use the default path. We're also setting a # variable to store the path to the user's home directory. validate_user_log_path() { if [ -n "$user_log_path" ]; then if [ "$user_log_path" = auto ]; then if [ "$server_type" = cpanel ]; then user_log_path=/home user_home=$user_log_path/$user elif [ "$server_type" = plesk ]; then user_log_path=/var/www/vhosts user_home=$user_log_path/$domain else printf '%s\n' "***Error: unable to validate path to user logs." fi elif ! [ -d "$user_log_path" ]; then printf '%s\n' "***Error: user's root directory doesn't exist ($user_log_path)." "" exit 1 fi else printf '%s\n' "***Error: --user-log-path not set" fi } # Function to validate $check_user_logs validate_check_user_logs() { if [ -n "$check_user_logs" ]; then if ! [ "$check_user_logs" = true ] || ! [ "$check_user_logs" = false ]; then printf '%s\n' "***Error: --check-user-logs can only be true of false" print_help fi else printf '%s\n' "***Error: --check-user-logs is not set." print_help fi } # Function to validate $user_log_name. We're only checking if is set. validate_user_log_name() { if [ -z "$user_log_name" ]; then printf '%s\n' "***Error: no user log file name defined." "" exit 1 fi } # Function to validate $check_global_logs validate_check_global_logs() { if [ -n "$check_global_logs" ]; then if ! [ "$check_global_logs" = true ] || ! [ "$check_global_logs" = false ]; then printf '%s\n' "***Error: --check-global-logs can only be true of false" print_help fi else printf '%s\n' "***Error: --check-global-logs is not set." print_help fi } # Function to validate $global_logs validate_global_logs() { # Append PHP-FPM errors to the array if needed if [[ "$check_php_fpm_logs" = true ]]; then mapfile -t -O "${#global_logs[@]}" global_logs < <(find "${php_fpm_logs_path[@]}" -type f -name "error?log" 2> /dev/null) fi # Check if the array contains items if [ ${#global_logs[@]} -eq 0 ]; then printf '%s\n' "Error: no global logs to check!" fi } # Function to validate $since. If it is set then we also calculate # and store the unix time from where we need to look for entries. validate_since() { if [ -n "$since" ]; then if ! [ "$since" -ge 1 ]; then printf '%s\n' "***Error: number of minutes isn't a valid integer ($since)" "" exit 1 else seconds=$(( since * 60 )) if [ -z "$ts_from" ]; then ts_current=$(date +"%s") ts_from=$(( $(date --date="@$ts_current" +"%s") - seconds )) fi fi else printf '%s\n' "***Error: number of minutes to check isn't set." "" exit 1 fi } # Function to validate $max_file_size. validate_max_file_size() { if [ -n "$max_file_size" ]; then if ! [ "$max_file_size" -ge 1 ]; then printf '%s\n' "***Error: the maximum file size isn't a valid integer ($max_file_size)" "" exit 1 fi else printf '%s\n' "***Error: maximum file size isn't set." "" exit 1 fi } # Function to validate $tail_length. validate_tail_length() { if [ -n "$tail_length" ]; then if ! [ "$tail_length" -ge 1 ]; then printf '%s\n' "***Error: the tail length isn't a valid integer ($tail_length)" "" exit 1 fi else printf '%s\n' "***Error: tail length isn't set." "" exit 1 fi } # Function to validate the $ts_formats array validate_ts_formats() { if [ ${#ts_formats[@]} -eq 0 ]; then printf '%s\n' "Error: no timestamp formats defined." exit fi } # Function to "$f". This function does a bunch of things: # * Check if the log needs to be tailed. # * Extract entries with timestamps defined in $ts_formats and # write them to temporary files. # * Check if the temporary files contain entries. process_log() { # Remove any existing $tmp_dir/$ts_prefix files rm -f "$tmp_dir"/"$ts_prefix"* # Start looping through the ts_formats array for ts in "${!ts_formats[@]}"; do # Store the format format=$ts # Create the temporary file touch "$tmp_file"."$format" # Check if we need to tail $f: if [ "$filesize" -gt "$max_file_size" ]; then tail -n "$tail_length" "$f" \ | grep -E "${ts_formats[$ts]}" >> "$tmp_file"."$format" else grep -E "${ts_formats[$ts]}" "$f" >> "$tmp_file"."$format" fi # Check if the files contains entries and call the function to # convert the timestamps in the file. if [ -s "$tmp_file"."$format" ]; then case "$format" in a) convert_ts_a ;; b) convert_ts_b ;; c) convert_ts_c ;; *) printf '%s\n' "=> Error: unknow entry format." exit 1 ;; esac fi done } # Function to convert ts_format[a] timestamps. # - Format: [DD-MMM-YYYY HH:MM:SS TZ] convert_ts_a() { awk -F '[][]' '{ n=split($2, val, / /, sep); cmd=sprintf("date +\"%%s\" -d '\''TZ=\"%s\" %s %s'\''",val[3],val[1],val[2]); cmd | getline var; close(cmd); print ""var""$3" "$4" "$5; }' "$tmp_file".a >> "$tmp_file"_a_all grep_ts_a } # Function to convert ts_format[b] timestamps. # - Format: [DDD MMM DD HH:MM:SS.MS YYYY] convert_ts_b() { awk '{ # Store the timestamp and message timestamp=$1" "$2" "$3" "$4" "$5 message=substr($0, index($0,$6)) split($timestamp, ts, / /) ts_year = ts[5] ts_day = ts[3] ts_time = substr(ts[4],1,8) # Get the time in an array split(ts_time,ts_time_arr,/:/) ts_hour = ts_time_arr[1] ts_min = ts_time_arr[2] ts_sec = ts_time_arr[3] # Convert the month name to a month number ts_month = sprintf("%02d",(index("JanFebMarAprMayJunJulAugSepOctNovDec",ts[2])+2)/3) # Concatenate the new timestamp elements ts_concat = sprintf("%04d %02d %02d %02d %02d %02d", ts_year, ts_month, ts_day, ts_hour, ts_min, ts_sec) # Convert the timestamp to a Unix timestamp unix_time = mktime(ts_concat) printf "%s %s\n", unix_time, message }' "$tmp_file".b >> "$tmp_file"_b_all grep_ts_b } # Function to convert ts_format[c] timestamps. # - Format: YYYY-MM-DD HH:MM:SS.MS convert_ts_c() { awk '{ # Store the timestamp and message timestamp = $1" "$2 message = substr($0, index($0,$3)) # Split $timestamp to an array split(timestamp, ts) # Get the date and time, and replace unwanted chars ts_date = gensub(/-/, " ", "G", ts[1]) ts_time = gensub(/:/, " ", "G", substr(ts[2],1,8)) # Concatenate the new timestamp elements ts_concat = ts_date" "ts_time # Convert to a Unix timestamp unix_time = mktime(ts_concat) printf "%s %s\n", unix_time, message }' "$tmp_file".c >> "$tmp_file"_c_all grep_ts_c } grep_ts_a() { # ts_a entries are typically entries in user logs. We don't need # to do anything special with them. They can also be LiteSpeed # errors in the global LiteSpeed logs. In that case we need to # grep the php-fpm pool name. # # The pool name is the domain name with all dots replaced by # underscores. That means we can only grep for entries if we # know the domain name. if [ "$log_type" = "global" ]; then if [ "$domain" != false ]; then pool="${domain//./_}" grep "$pool" "$tmp_file"_a_all >> "$tmp_file"_matches fi else # Append all entries to $tmp_file_matches cat "$tmp_file"_a_all >> "$tmp_file"_matches fi } grep_ts_b() { # Relevant entries with this timestamp format include the domain. # Just to make sure we'll also grep for the user's home directory. if [ "$domain" != false ]; then grep -E "$domain|$user_home" "$tmp_file"_b_all >> "$tmp_file"_matches else grep "$user_home" "$tmp_file"_b_all >> "$tmp_file"_matches fi } grep_ts_c() { # Relevant entries with this timestamp format include the domain. # Just to make sure we'll also grep for the user's home directory. if [ "$domain" != false ]; then grep -E "$domain|$user_home" "$tmp_file"_c_all >> "$tmp_file"_matches else grep "$user_home" "$tmp_file"_c_all >> "$tmp_file"_matches fi } # Function to extract log entries from $tmp_file_matches # and write them to $tmp_file_print. extract_entries() { # Remove any existing $tmp_file_print file rm -f "$tmp_file"_print # Make sure $tmp_file_matches contains data if [ -s "$tmp_file"_matches ]; then # Write entries newer than $ts_from to another temporary file awk -v ts_from="$ts_from" '$1 > ts_from { print $0 }' "$tmp_file"_matches >> "$tmp_file"_print # Check if we got any entries count_entries=$(wc -l "$tmp_file"_print | awk '{ print $1 }') if [ "$count_entries" -eq 0 ]; then printf '%s\n\n' "=> No errors found." else # Print the entries (using a sane timestamp) awk '{ $1=strftime("%Y-%m-%d %H:%M:%S", $1); print $0 }' "$tmp_file"_print echo "" fi else printf '%s\n\n' "=> No errors found" fi } # PARSE ARGUMENTS # -------------------------------------------------------------------- while [ "$#" -gt 0 ]; do case "$1" in --check-user-logs=*) check_user_logs="${1#*=}" ;; --user-log-path=*) user_log_path="${1#*=}" ;; --user-log-name=*) user_log_name="${1#*=}" ;; --check-global-logs=*) check_global_logs="${1#*=}" ;; --global-logs=*) unset global_logs grepstring="${1#*=}" IFS=', ' read -r -a global_logs <<< "$grepstring" ;; --since=*) since="${1#*=}" ;; --max-file-size=*) max_file_size="${1#*=}" ;; --tail-length=*) tail_length="${1#*=}" ;; --tmp-dir=*) tmp_dir="${1#*=}" ;; --list-logs) list_user_logs=true ;; --help) print_help ;; --version) print_version ;; --vardump) print_vars ;; --*) printf '%s\n' "***Error: invalid argument ($1)" "" print_help ;; *) user="${1#*=}" ;; esac shift done # LIST LOGS # -------------------------------------------------------------------- # We'll first check if we need to list logs. If so, there's nothing # else to do (the script will exit after the list_user_logs function). if [[ "$list_user_logs" = true ]]; then check_server_type validate_user validate_user_log_path list_user_logs fi # HOUSEKEEPING / SANITY CHECK # -------------------------------------------------------------------- # Next we'll make sure that $check_user_logs and $check_global_logs are # not both false. if [[ "$check_user_logs" = false ]] && [[ "$check_global_logs" = false ]]; then printf '%s\n' "Both the user log and global log checks are set to false." printf '%s\n' "Nothing to do..." exit 0 fi # CHECK USER LOGS # -------------------------------------------------------------------- # If we're still alive then we can next check if we need to check user # logs. If so, there's quite a bit work to do... if [[ "$check_user_logs" = true ]]; then # Validate required variables. check_server_type validate_tmp_dir remove_tmp_files validate_user validate_user_log_path validate_user_log_name validate_max_file_size validate_tail_length validate_since # We're processing user and global logs differently. User logs # should always have ts_format_a timestamps, so we don't need to # check for other types of timestamps. The $log_type is passed # to the ? function log_type="local" # Store the user log files in an array ($logfiles): printf '\n%s\n' "Checking for entries since $since minutes ago in user logs for $user..." printf '%s\n' "========================================================================" mapfile -t logfiles < <(find "$user_home" -type f -name "$user_log_name") # Check if the $logfiles array contains items and start looping. if [ ${#logfiles[@]} -eq 0 ]; then printf '%s\n\n' "No log files found." else for f in "${logfiles[@]}"; do # Print the file name: printf '%s\n' "" "File: $(stat -c %n "$f")" # We can skip the file it it's empty filesize=$(stat --format=%s "$f") if [ "$filesize" -eq 0 ]; then printf '%s\n\n' "=> File is empty" continue fi # We can also skip the file if it was last modified before $ts_from. file_mtime=$(stat --format %Y "$f") if [ "$file_mtime" -lt "$ts_from" ]; then printf '%s\n\n' "=> File not modified in last $since minutes" continue fi # If we're still alive we can process the file process_log extract_entries done fi fi # CHECK GLOBAL LOGS # -------------------------------------------------------------------- if [[ "$check_global_logs" = true ]]; then # Validate the required variables check_server_type validate_tmp_dir remove_tmp_files validate_global_logs if [ -z "$user_validated" ]; then validate_user fi validate_max_file_size validate_tail_length validate_since # Set the type of log log_type="global" printf '\n%s\n' "Checking for entries since $since minutes ago in global logs..." printf '%s\n\n' "========================================================================" if [ -n "$print_no_domain_name_warning" ]; then printf '%s\n' " * Warning: $user is not a domain name. Looking for only a user " printf '%s\n' " * name in global log files is unreliable. Consider running the " printf '%s\n\n' " * script again using the user account's domain name." fi for f in "${global_logs[@]}"; do # Print the file name. printf '%s\n' "File: $f" # Check if the file exists. if [ ! -f "$f" ]; then printf '%s\n\n' "=> File does not exist" continue fi # We can skip the file if it was last modified before $ts_from. file_mtime=$(stat --format %Y "$f") if [ "$file_mtime" -lt "$ts_from" ]; then printf '%s\n\n' "=> File not modified in last $since minutes" continue fi # We can also skip the file if it's empty filesize=$(stat --format=%s "$f") if [ "$filesize" -eq 0 ]; then printf '%s\n\n' "=> File is empty" continue fi # If we're still alive we can process the file process_log extract_entries done fi