PHP Apached Question
Posted: Mon Jan 11, 2016 11:08 am
Hi Nagios,
In ssl_request and access log I see these entries for certain hosts. This logging is happening extremely fast. I'm trying to track down the IP that is doing the requests. Can you please tell me what kind of request this is doing from within Nagios front-end? We have XI 5.2.2.
Thanks
[11/Jan/2016:10:57:32 -0500] x.x.x.x TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:32 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_state_summary_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_quick_actions_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_comments_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22advanced%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_attributes_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22all%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:35 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_state_summary_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bed-800-63%22%2C%22host_id%22%3A%2214246%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=928a585874b9351893a90028a0f8a1f0 HTTP/1.1" 27
[11/Jan/2016:10:57:35 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bed-800-63%22%2C%22host_id%22%3A%2214246%22%2C%22disp
In ssl_request and access log I see these entries for certain hosts. This logging is happening extremely fast. I'm trying to track down the IP that is doing the requests. Can you please tell me what kind of request this is doing from within Nagios front-end? We have XI 5.2.2.
Thanks
[11/Jan/2016:10:57:32 -0500] x.x.x.x TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:32 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_state_summary_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_quick_actions_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_comments_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22advanced%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:33 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_attributes_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bos-800-81%22%2C%22host_id%22%3A%2214269%22%2C%22display%22%3A%22all%22%7D%7D&nsp=fcb4d6a67db47c9bdadcbce7b60ac48f HTTP/1.1" 27
[11/Jan/2016:10:57:35 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_state_summary_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bed-800-63%22%2C%22host_id%22%3A%2214246%22%2C%22display%22%3A%22simple%22%7D%7D&nsp=928a585874b9351893a90028a0f8a1f0 HTTP/1.1" 27
[11/Jan/2016:10:57:35 -0500] x.x.x.xTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_detailed_info_html%22%2C%22args%22%3A%7B%22hostname%22%3A%22bed-800-63%22%2C%22host_id%22%3A%2214246%22%2C%22disp