How do you monitor a file on a web server and log every access, ideally by IP address, in a database (MySQL)?

Question

For security reasons, there is a certain file on my web server I want to be able to monitor access to. Every time it is accessed, I want to have an entry added to a MySQL log table. This way, I can actively respond to security breaches from within the web application.

You can also watch for file access events the directory from a program i.e. the o/s will generate an event and call your program routine. Just have that log to the database and do whatever else you want to. e,g,. send SMS messages etc. maybe interesting? http://stackoverflow.com/questions/4205815/monitoring-file-and-directory-access-on-linux. It is similar on windows as well. — Ryan Vincent, Sep 21 '16 at 08:14

score 1 · Answer 1 · answered Jun 17 '13 at 07:17

The Apache HTTP Server provides logging capabilities.

The server access log records all requests processed by the server. The location and content of the access log are controlled by the CustomLog directive. The LogFormat directive can be used to simplify the selection of the contents of the logs. This section describes how to configure the server to record information in the access log.

It can be used to write the log to a file. If you need to store in a MySQL table, run a cron job to import the file into the database.

Further information on logs is here: http://httpd.apache.org/docs/1.3/logs.html#accesslog

score 1 · Answer 2 · answered Sep 21 '16 at 07:12

Its been removed from PHP7 but for anyone else who finds this post there are a number of options within the FAM (now PECL) extension. This function http://php.net/manual/en/function.fam-monitor-file.php seems to describe what is needed here

Additionally you can access a lot of detail about the files status with http://php.net/manual/en/function.stat.php. Put this within a cron or sleep driven script and you can then see when its changed.

score 0 · Answer 3 · answered Jun 17 '13 at 07:41

The file may be accessed from three points:

Direct filesystem access
Call to the url like www.example.com/importantfile.jpg (apache serves the file)
Call to some php script on your server www.example.com/readfile.php?name=important.jpg which reads the file.

If you are concerned only about case 2 then check the solution of Rishi Dua.

But if you want more than that then you should write a script with fileatime() call and then add it to cron to run every minute for example.

The pseudocode for it:

<?php
$previous_access_time = get_previous_access_time(); // get the previous last access time from you remembered in db or textfile or whatever
$current_access_time = fileatime('path/to/very_important_file.jpg');
if ($previous_access_time != $current_access_time) {
   log_access_to_db();
   save_new_access_time(); // update the new last access time
}

This solution however has some problems. First is that you can get only the access time but not the user-id or ip of who accessed the file. Second is that as the manual says, some Unix system do not update the access time and so the solution would fail.

If you are seriously concerned about the security, then I think you have to check for some audit util like this

How do you monitor a file on a web server and log every access, ideally by IP address, in a database (MySQL)?

3 Answers3