Search Logs
Real-time tail, search and filter of server log files, including rotated and gzipped archives.
Version 1.0.3 · Bundled with the core · requires PHP 7.4+ Tail, search and filter server log files in real time.
Search Logs is a real-time log viewer for the whole server: pick any of the 37 pre-configured logs (Apache, cPanel, Exim, MySQL/MariaDB, system, …), tail it live, filter it with one or two search terms, and — in deep search mode — dig through rotated and gzipped archives. You can hide defaults you don't use and add your own log paths.
A quick-search tile on the dashboard lets you launch a search without entering the module.
Search tab
Toolbar
| Control | Behavior |
|---|---|
| Log file | Dropdown of every configured log that actually exists on disk, with its path and current size. |
| Search | Primary filter — case-insensitive substring match (not regex), max 256 chars. Matches are highlighted in the output. Debounced as you type. |
| Narrow | Optional second filter — a line must contain both terms (the narrow term is case-sensitive). Great for error + a specific domain. |
| Deep search off/ON | Off (default): only the live file is searched. ON: the whole rotation family is traversed — access_log, access_log.1, access_log.2.gz, … (up to 30 files), decompressing .gz archives on the fly. Heavier — uses CPU. |
| Refresh now | Immediate fetch. |
| Pause / Resume (5s) | Auto-refresh pulls new lines every 5 seconds; pause it while reading. |
The viewer
A terminal-style panel (dark background, 500 px, scrollable):
- Infinite scroll — scrolling to the top loads older lines; the bottom loads newer ones. Up to 2 000 lines are kept in the DOM (older ones are trimmed automatically).
- “N new lines ↓” badge — appears when new content arrives while you're scrolled up.
- Lines longer than 1 MiB are truncated with a
[truncated]marker; all content is HTML-escaped.
Search limits (and what the warning means)
To protect the server, a search stops after scanning 16 MiB of log data (single file) or 64 MiB (deep search across the family). When the cap is hit you'll see “Deep search scan limit reached … Refine the filter to dig further.” — make the search term more specific and re-run.
Configuration tab
Default logs
The 37 shipped entries, each with name, path, Status (OK = file exists, missing = not on this server) and Visibility. Use Hide / Show to declutter the dropdown without deleting anything — hidden defaults survive updates and can be restored anytime.
Shipped coverage includes:
| Family | Logs |
|---|---|
| Web servers | Apache error / access / ModSecurity audit / suPHP · Nginx error / access |
| Exim main / panic / reject · maillog (IMAP/POP) | |
| Databases | MariaDB · MySQL error · MySQL slow query (+ auto-discovery, below) |
| cPanel | error, access, stats, license, login, panic, queueprocd, accounting, latest backup & transporter logs |
| System | messages, secure, cron, boot, dmesg, auditd/SELinux, chkservd, lfd, dnf, yum |
| Other | BIND (named.run), WSA |
Some entries are globs (e.g. cpbackup/*.log) — the newest matching file is used.
MySQL auto-discovery: the extension also asks the local MySQL/MariaDB (SHOW VARIABLES) where its error / slow-query / general logs really are, and adds those entries automatically (badged auto; result cached 10 minutes; silently skipped if MySQL is unreachable).
Custom logs
Add any file on the server:
| Field | Rules |
|---|---|
| Display name | Required, max 100 chars. |
| Absolute path | Required, must start with /, max 500 chars, no .. segments or glob characters. |
Custom entries can be edited inline or deleted (confirmed), and are stored in config/logs.user.json — preserved across extension updates.
How it reads logs (runtime)
- Navigation is byte-offset cursor-based — pagination stays stable even while the file grows, and survives log rotation.
- Files are read in 64 KiB chunks, backwards from the end for tail/search.
- Gzip support: archives are detected by magic bytes and decompressed to memory (≤ 50 MiB) or a temp file (larger), transparently.
- Everything is enforced server-side: chunk sizes (500 lines default, 2 000 max per request), scan caps, path whitelisting (only configured logs can be read).
Data & file map
| Path | Purpose |
|---|---|
extensions/search-logs/config/logs.default.json |
The 37 shipped log definitions (overwritten on update) |
extensions/search-logs/config/logs.user.json |
Your additions + hidden defaults (preserved, 0600) |
extensions/search-logs/var/mysql-log-paths.cache.json |
MySQL auto-discovery cache (10 min TTL) |