Kinsta allows for SSH and searching through your access logs. Here’s a few snippets that allow for searching through your access logs to find issues.
You’ll notice that all the requests start with cd /www/*/logs &&. This will automatically navigate to where the access logs are. If you’re using this on another platform, you may need to edit or remove this. While the guide here is specific to Kinsta, the commands can be altered for searching anywhere as they are generic Linux search commands. Note that Kinsta only keeps access logs for four days. If you’re looking for data past that, you can recover from a backup into your staging environment.
Not sure how to connect via SSH? Check out their guide on how to connect to SSH at Kinsta.
Top URL Requests
cd /www/*/logs && cat access.* | awk '{print $6}' | sort -n | uniq -c | sort -nr | head -n10
Or search all gz files as well which will be for the past four days
cd /www/*/logs && zcat access*.gz | grep -v -E '/GET/' | awk '{print $6}' | sort -n | uniq -c | sort -nr | head -n10
Top IP’s hitting a specific URL
cd /www/*/logs && awk '{print $2,$6}' access.* | sort | uniq -c | sort -nr | head -40
Top User Agents
The following is useful if you’re looking to block bad bots.
cd /www/*/logs && awk -F'"' '/GET/ {print $6}' access.* | cut -d' ' -f1 | sort | uniq -c | sort -rn
or
cd /www/*/logs && grep -i "bot" access.* | awk '{ print $2,$12,$13,$14,$15 }' | sort -n | uniq -c | sort -nr | head -25
Top Requests Hitting wp-login
cd /www/*/logs && grep -i "wp-login" access.* |awk '{print $2}' | sort -n | uniq -c | sort -nr | head -n10
Or if you’re looking for when someone hit wp-login at a specific time.
cd /www/*/logs && grep -i "wp-login" access.* |awk '{print $3}' | sort -n | uniq -c | sort -nr | head -n10 |grep '2020:19'
Monitor Continued BYPASS Check
The following is useful if you’re looking for data on what’s bypassing cache.
cd /www/*/logs && tail -f kinsta-cache-perf.log | grep BYPASS
