how to check which file is being visited by remote site

Posted on 2013-06-30
Last Modified: 2013-07-09
Dear Experts,

Just want to know how web counter or awstats program ability to check all
visiting site information.

From netstat -nputw command on Linux I know , we can check who is visting to my website.
The result of the command will  show you foreign or Local address  and Protocol something
like that, but why it won't show which file is being visited by the visitors ?
for example for my wish, at least show me the visitor is  visiting file

From the local address is just IP address of my site and Port 80 only, no information about which or what html or php file is being visited, Why ?

Please advise, any Linux command can check that for me , what is exact path and the file that visitor is  or was visiting ?

And I check at /var/log/httpd/access_log , there is nothing inside of the file,Why ?
I believe my linux system will record that information for user, but where if any ?

Question by:duncanb7
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
LVL 110

Expert Comment

by:Ray Paseur
ID: 39288223
PHP answers:

URL of the current script is available in $_SERVER['REQUEST_URI']
IP address of the current visitor is available in $_SERVER['REMOTE_ADDR']
Browser information is available in $_SERVER["HTTP_USER_AGENT"]
Request method (GET, POST) is available in $_SERVER["REQUEST_METHOD"]

These values are not guaranteed, but are usually present in most PHP installations.
LVL 13

Author Comment

ID: 39288231
I used tcpdump -A port 80 to solve the problem , the command will output the
request header which include the exact path of request html/php filename

 now I will try your suggestion
from $_Server
LVL 58

Expert Comment

by:Julian Hansen
ID: 39288265
$_SERVER is for getting information about who is visiting from within your PHP script.

If you are asking how to monitor what files are being accessed on your system you need to look at your logs - they should contain all the information concerning GET's to the server - time, source IP file etc.

Is this what you were asking? If so then $_SERVER is not going to help you.
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

LVL 110

Expert Comment

by:Ray Paseur
ID: 39288270
In PHP variables are case-sensitive.  $_Server != $_SERVER
LVL 13

Author Comment

ID: 39289216
Dear JulianH,

you are right $_SERVER is not working, what is your other suggestion to solve my asking
besides using tcpdump
LVL 58

Expert Comment

by:Julian Hansen
ID: 39289252
To answer I need to know what it is you are trying to achieve.

From your original post it sounds like you want to see when a page is being accessed. What is not clear is how you want to use this information.

Do you need to know when the page is being accessed in real time - as it is being accessed or are you only interested from a statistics perspective.

It would also be helpful to know a little bit more about your website and how it is constructed - pure HTML / php / ASPX etc

You mentioned you looked in the access logs and found nothing - this is strange because you should see logs of all requests to your site.

Are you self hosting? Is your server setup your responsibility or are you using an ISP?
LVL 13

Author Comment

ID: 39289985

I am using hosting company VSP server, normally I am using Cpanel and awstat to
keep track of the visitor access to my visit.Now I gave up to use it since I need to pay
for using Cpanel . Now I want to know how to
do php programming or other linux command to perform the same function of aswtat or
web counter .

I tried to tcpdump on my SSH shell it works finally and it will report out
the visitor IP and full path of the access file.

As I remember there should be one place to store all coming internet traffic to my website. SO I log into my root SSH shell and go to /var/log/httpd/access_log but
there is no any file. Do you know where is the access-log file for internet traffic on Linux ?
OR what other way to do the same as I just mentioned
LVL 13

Author Comment

ID: 39289993
Be reminded Now I do not allow to use Cpanel on VPS server since I nerver pay it on VPS server
LVL 82

Accepted Solution

hielo earned 500 total points
ID: 39290285
>>SO I log into my root SSH shell and go to /var/log/httpd/access_log
You need to look at your apache configuration for the CustomLog setting.

# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/usr/local/apache" will be interpreted by the
# server as "/usr/local/apache/logs/foo.log".

If the site in question is a virtual host, first check to see if the virtual host definition defines a different CustomLog location from that of the main server CustomLog location.
LVL 13

Author Closing Comment

ID: 39309582
The final access log is found at /usr/local/apache/domlogs/ and at

after reading those two files, the first one, file is exactly record who
is accessing  my domain website.

Why the second file of access_logs is just reporting like this as follows ---[9/July/2013:222:05:01+3000] "Get /whm-server-status HTTP/1.0" 200 3984
ANd I could not find who is accessing my website information on second file.

Anyway, now at least I could find who is accessing my website on first file of

Please advise and thanks for your final soltuon


Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question