Read, parse & understand your server logs.
A practical reference for webmasters and IT professionals. Covers Apache, Nginx, FTP, MySQL, SSH, Postfix, systemd, Windows Event logs — plus a full section on detecting web attacks and compromised sites.
Web Attacks Overview
Pattern recognition table for SQLi, XSS, path traversal, scanners, and DDoS — directly from your access log.
SQL Injection in Logs
Union-based, blind, time-based, and error-based SQLi — what each looks like in the log and how to catch them.
XSS Attacks in Logs
Reflected and stored XSS payloads, encoding tricks, and scanner signatures in access logs.
Web Shell Detection
PHP shells in uploads, cmd= parameters, known backdoor names — log patterns and filesystem checks.
Suspicious Admin Logins
Detect credential stuffing, off-hours access, and post-login attacker activity in wp-admin and phpMyAdmin.
WordPress Brute Force & xmlrpc
xmlrpc.php multicall attacks explained, wp-login status codes decoded, block configs for Nginx + Apache.
Malicious Plugin Detection
Backdoor plugins, SEO cloaking, Googlebot redirects, and nulled plugin signs in logs and on the filesystem.
Incident Response
Preserve evidence, build the attack timeline, identify the entry point, determine scope. Step-by-step with commands.
Apache HTTP Server
Access log, error log, HTTP status codes, and LogFormat directive reference.
Nginx
All log variables explained, error log decoded, and recommended log_format configs including JSON.
FTP — vsftpd & ProFTPD
xferlog format, ProFTPD directives, and FTP reply codes for diagnosing transfer failures.
MySQL / MariaDB
Error, slow query, general query, and binary log — all four log types covered.
SSH / Auth Log
Decode authentication events, spot brute force attacks, understand every field in auth.log.
Postfix / Mail
Trace any email end-to-end by queue ID, understand DSN codes, know what each daemon logs.
systemd Journal
Master journalctl — filter by unit, time, priority, and boot. Full structured field reference.
Windows Event Logs
Security Event IDs, IIS W3C log format, and PowerShell queries for Windows Server environments.