Find cc attack IPs use shell scripts by log files - bash

I have a history web log files like this:
157.15.14.19 - - 06 Sep 2016 09:13:10 +0300 "GET /index.php?id=1 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:13:11 +0300 "GET /index.php?id=2 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:13:12 +0300 "GET /index.php?id=3 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:14:13 +0300 "GET /index.php?id=4 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:14:14 +0300 "GET /index.php?id=5 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:15:15 +0300 "GET /index.php?id=6 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:15:16 +0300 "GET /index.php?id=7 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:15:17 +0300 "GET /index.php?id=8 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:16:10 +0300 "GET /index.php?id=9 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:16:10 +0300 "GET /index.php?id=10 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
8.8.8.8 - - 06 Sep 2016 09:17:10 +0300 "GET /index.php?id=11 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
9.9.9.9 - - 06 Sep 2016 09:17:10 +0300 "GET /index.php?id=12 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:18:10 +0300 "GET /index.php?id=13 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:19:10 +0300 "GET /index.php?id=14 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:19:10 +0300 "GET /index.php?id=15 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:20:10 +0300 "GET /index.php?id=15 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
123.123.123.123 - - 06 Sep 2016 09:21:10 +0300 "GET /index.php?id=15 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
157.15.14.19 - - 06 Sep 2016 09:22:10 +0300 "GET /index.php?id=15 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
I want find out the cc attack IPs,only through the yesterday web log files
This example , I sign a cc attack :
every 5 minutes,The same remote ip request counts more than 5, the ip will a cc attack and print it.
The log file is all day,and only use bash scripts, just like awk,cat,gawk,sed and so..
Please me some suggest, Thanks a lot.
Update:
I try wite the test script (per 2minutes the same request count>5)
yy#yy:/tmp/tb$ cat 5.txt |awk '{print $7,$1}' |awk -F: '{print $1*60+int($2/2),$0}' |sort |uniq -c -f2 |awk '{if($1>5){print $0}}'
10 546 09:13:10 157.15.14.19
But, the code is so badly, It will be optimization.


awk -v Interval=5 -v Trig=5 -F '[[:blank:]]*|:' '
{
# using format log
# 157.15.14.19 - - 06 Sep 2016 09:13:10 +0300 "GET /index.php?id=1 HTTP/1.1" 200 16977 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
# $1 2 3 4 5 6 7 8 9 10 11 ...
ThisTime = $7 * 60 + $8
#if new cycle (so this line is not in the cycle)
if ( ThisTime > ( LastTic + Interval ) ) {
# check and print last cycle hit
for( IP in IPCounts) if ( IPCounts[ IP] > Trig) print LastTime " " IP " : " IPCounts[ IP]
# reset reference
split( "", IPCounts)
LastTime = $4 " " $5 " " $6 " " $7 ":" sprintf( "%2d", ( $8 - ( $8 % Interval) )) ":00"
LastTic = $7 * 60 + ( $8 - ( $8 % Interval) )
}
# add this line to new cycle
IPCounts[ $1]++
}
END {
# print last cycle
for( IP in IPCounts) if ( IPCounts[ IP] > Trig) print LastTime " " IP " : " IPCounts[ IP]
}
' YourFile
# for format of log
# op.g.cc 124.145.36.121 - - [21/Nov/2016:03:38:02 +0800] ==> 172.11.0.238:80 "POST ...
# $1 2 3 4 5 6 7 8 9 10 11 ...
# change:
# $7 by $6, $8 by $7
# LastTime = $5 ":" $6 ":" sprintf( "%2d", ( $7 - ( $7 % Interval) )) ":00 +800]"
# IPCounts[ $2]++
Note:
work quick and dirty for time selection (you mention 1 log per day). If more precision is needed, use mkftime to use real epoch time reference
Trig is the count trigger level (5 times) and Interval is the time of the cycle (5 minutes)

Related

User Agent missing in an access.log of the Traefik

I have configured Traefik 2.3.1 to write an accesslog to a file. But the log is missing User Agent (browser, OS info).
Is it somehow configurable?
The Traefik is running from docker-compose.yml:
version: '3.4'
services:
proxy:
image: traefik:2.3.1
command:
- "--providers.docker=true"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ./traefik/traefik.toml:/traefik.toml:ro
- ./logs/traefik:/logs/traefik
ports:
- "80:80"
- "443:443"
restart: unless-stopped
Some lines from the traefik.toml:
[accessLog]
filePath = "/logs/traefik/access.log"
bufferingSize = 100
And the log looks like this:
3.22.235.211 - - [01/Feb/2021:15:42:41 +0000] "GET /.env HTTP/1.1" 404 555 "-" "-" 367 "site#docker" "http://172.18.0.4:8000" 1ms
3.22.235.211 - - [01/Feb/2021:15:42:42 +0000] "POST / HTTP/1.1" 405 559 "-" "-" 368 "site#docker" "http://172.18.0.4:8000" 0ms
66.249.66.153 - - [01/Feb/2021:15:45:43 +0000] "GET /robots.txt HTTP/1.1" 200 13 "-" "-" 369 "site#docker" "http://172.18.0.4:8000" 1ms
66.249.66.153 - - [01/Feb/2021:15:45:44 +0000] "GET / HTTP/1.1" 200 11698 "-" "-" 370 "site#docker" "http://172.18.0.4:8000" 0ms
The log of nginx running behind the Traefik:
172.18.0.2 - - [01/Feb/2021:15:42:41 +0000] "GET /.env HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "3.22.235.211"
172.18.0.2 - - [01/Feb/2021:15:42:42 +0000] "POST / HTTP/1.1" 405 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "3.22.235.211"
172.18.0.2 - - [01/Feb/2021:15:45:43 +0000] "GET /robots.txt HTTP/1.1" 200 13 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "66.249.66.153"
172.18.0.2 - - [01/Feb/2021:15:45:44 +0000] "GET / HTTP/1.1" 200 11698 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "66.249.66.153"
Thanks

By default traefik does not log headers in its access logs. You have to add them. Look at this part of the documentation.

I changed traefik.toml as tetram pointed and it started to work:
[accessLog]
filePath = "/logs/traefik/access.log"
bufferingSize = 100
[accessLog.fields.headers.names]
"User-Agent" = "keep"

how to use cat | awk | xargs sed to replace a char

I wrote a little bash script to parse Apache Access log to count POST|GET request.
My script works fine but I have a little graphical issue when I want to remove "[" char from the date field return by awk command.
Here is my script:
clear
ls /var/log/httpd | egrep *access_log$ > temp.txt
while read line
do
linecount=$(cat /var/log/httpd/"$line" | wc -l)
#echo -e "$line"
#echo -e "$linecount"
if [ $linecount -gt 0 ]
then
echo -e "==========================================="
echo -e "$line"
echo -e "Date de debut du log :"
cat /var/log/httpd/"$line" | awk -v ligne=1 'NR == ligne, FS=":" {print $4}' | xargs -0 sed -i 's/\[//g'
echo -e "Date de fin du log :"
cat /var/log/httpd/"$line" | awk 'END {print $4}'
echo -e "Nombre de requêtes sur la période :"
egrep -i 'post|get' /var/log/httpd/"$line" | wc -l
fi
linecount=0
done < temp.txt
rm -f temp.txt
An example of standard output of this code looks like this :
===========================================
xxx.xxx.xxx-ssl_access_log
Date de debut du log :
sed: impossible de lire [01/Jan/2021:07:34:59
: Aucun fichier ou dossier de ce type
Date de fin du log :
[22/Jan/2021:07:44:44
Nombre de requêtes sur la période :
22
Why can't sed use the string piped by awk?
How can I correct it ?
Below an example of log imput file :
54.36.148.55 - - [29/Dec/2020:18:05:38 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.149.92 - - [29/Dec/2020:18:05:38 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.185 - - [30/Dec/2020:17:51:06 +0100] "GET / HTTP/1.1" 200 2394
54.36.149.77 - - [31/Dec/2020:17:19:18 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.148.97 - - [31/Dec/2020:17:19:19 +0100] "GET / HTTP/1.1" 200 2394
54.36.149.61 - - [01/Jan/2021:14:45:59 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.151 - - [02/Jan/2021:16:26:22 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.148.71 - - [02/Jan/2021:16:26:24 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.108 - - [03/Jan/2021:15:21:28 +0100] "GET / HTTP/1.1" 200 2394
208.100.26.249 - - [03/Jan/2021:23:15:13 +0100] "GET / HTTP/1.1" 200 2394
54.36.149.95 - - [04/Jan/2021:15:28:31 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.148.202 - - [04/Jan/2021:15:28:32 +0100] "GET / HTTP/1.1" 200 2394
54.36.149.24 - - [05/Jan/2021:14:44:52 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.184 - - [06/Jan/2021:15:00:55 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.149.54 - - [06/Jan/2021:15:00:55 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.185 - - [07/Jan/2021:14:03:13 +0100] "GET / HTTP/1.1" 200 2394
51.158.103.247 - - [08/Jan/2021:12:31:33 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.17 - - [08/Jan/2021:14:10:18 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.148.185 - - [08/Jan/2021:14:10:19 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.101 - - [09/Jan/2021:14:17:39 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.148.94 - - [09/Jan/2021:14:17:40 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.103 - - [10/Jan/2021:15:21:24 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.148.68 - - [10/Jan/2021:15:21:24 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.208 - - [11/Jan/2021:18:15:40 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.149.78 - - [11/Jan/2021:18:15:41 +0100] "GET / HTTP/1.1" 200 2394
54.36.148.64 - - [12/Jan/2021:20:37:08 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.149.38 - - [12/Jan/2021:20:37:09 +0100] "GET / HTTP/1.1" 200 2394
54.36.149.66 - - [13/Jan/2021:20:40:09 +0100] "GET /robots.txt HTTP/1.1" 404 159
54.36.148.203 - - [13/Jan/2021:20:40:10 +0100] "GET / HTTP/1.1" 200 2394
51.158.127.119 - - [14/Jan/2021:11:41:05 +0100] "GET / HTTP/1.1" 200 2394
51.15.251.143 - - [14/Jan/2021:11:52:04 +0100] "GET / HTTP/1.1" 200 2394
54.36.149.76 - - [14/Jan/2021:20:05:36 +0100] "GET / HTTP/1.1" 200 2394
208.100.26.243 - - [18/Jan/2021:10:20:00 +0100] "GET / HTTP/1.1" 200 2394
208.100.26.248 - - [25/Jan/2021:04:10:37 +0100] "GET / HTTP/1.1" 200 2394

Using awk as a "complete" solution
awk 'FNR==1 {
gsub("[[]","",$4);
sdat=$4 # When the file record number (FNR) is 1, remove [ from the 4th space separated field with gsub and set sdat to this field
}
ENDFILE {
gsub("[[]","",$4);
fdat=$4; # When we reach the end of each file, remove [ gain from the 4th field and set fdat to this field
print "==========================================="
print FILENAME # Print the filename using awk's FILENAME variable
print "Date de debut du log :" # Print the data required
print sdat
print "Date de fin du log :"
print fdat
print "Nombre de requêtes sur la période :"
print FNR # Print the total number of records in the file (file number record)
} ' /var/log/httpd/*access_log

# user15097052 : you'll absolutely love the insane power afforded by AWK. It's great because of its simplicity - it doesn't come with every bell and whistle, but for the building blocks it does, they do it REALLY well.
These days I pretty much avoid touching wc, sed, cut, and the majority of the time, I prefer not having to deal with perl or python3. The URL encode/decode module on python3 slows me down compared to awk.

bash - filter IP in file by time

I need complete the program "wana" to filter this IP log by time (-a > after , -b > before >> time from-to) to show rows only in specified time datetime format: YYYY-MM-DD HH:MM:SS to parameters -a and -b
This is my file with logs, i use : https://pajda.fit.vutbr.cz/ios/ios-19-1-logs/blob/master/ios-example.com.access.log >
testing log :
2001:67c:1220:80c:d4:985a:df2c:d717 - - [22/Feb/2019:07:49:01 +0100] "GET / HTTP/1.1" 200 58266 "-" "curl/7.61.1"
2001:67c:1220:80c:d4:985a:df2c:d717 - - [22/Feb/2019:08:49:01 +0100] "GET / HTTP/1.1" 200 58341 "-" "curl/7.61.1"
2001:67c:1220:808::93e5:8ad - - [22/Feb/2019:08:56:10 +0100] "POST /wp-cron.php?doing_wp_cron=1550822170.2184400558471679687500 HTTP/1.1" 200 3279 "https://ios-example.com/wp-cron.php?doing_wp_cron=1550822170.2184400558471679687500" "WordPress/4.9.9; https://ios-example.com"
40.77.167.115 - - [22/Feb/2019:08:56:10 +0100] "GET / HTTP/1.1" 301 3541 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
147.229.13.201 - - [22/Feb/2019:09:24:33 +0100] "-" 408 3275 "-" "-"
147.229.13.201 - - [22/Feb/2019:09:24:33 +0100] "-" 408 3275 "-" "-"
198.27.69.191 - - [22/Feb/2019:09:43:13 +0100] "GET / HTTP/1.1" 200 22311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:43:24 +0100] "GET / HTTP/1.1" 200 22313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:43:42 +0100] "GET /?gf_page=upload HTTP/1.1" 200 22304 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:44:07 +0100] "GET / HTTP/1.1" 200 22313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:44:37 +0100] "GET /?up_auto_log=true HTTP/1.1" 200 22315 "-" "Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0"
198.27.69.191 - - [22/Feb/2019:09:44:54 +0100] "GET /wp-admin/ HTTP/1.1" 302 3711 "-" "Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0"
198.27.69.191 - - [22/Feb/2019:09:44:55 +0100] "GET /wp-login.php?redirect_to=https%3A%2F%2Fios-example.com%2Fwp-admin%2F&reauth=1 HTTP/1.1" 200 3656 "-" "Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0"
198.27.69.191 - - [22/Feb/2019:09:45:38 +0100] "GET / HTTP/1.1" 200 22311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
2001:67c:1220:80c:d4:985a:df2c:d717 - - [22/Feb/2019:09:49:01 +0100] "GET / HTTP/1.1" 200 58276 "-" "curl/7.61.1"
2001:67c:1220:808::93e5:8ad - - [22/Feb/2019:10:49:01 +0100] "POST /wp-cron.php?doing_wp_cron=1550828941.3725960254669189453125 HTTP/1.1" 200 3279 "https://ios-example.com/wp-cron.php?doing_wp_cron=1550828941.3725960254669189453125" "WordPress/4.9.9; https://ios-example.com"
2001:67c:1220:80c:d4:985a:df2c:d717 - - [22/Feb/2019:10:49:01 +0100] "GET / HTTP/1.1" 200 58241 "-" "curl/7.61.1"
66.249.66.49 - - [22/Feb/2019:10:49:08 +0100] "GET /robots.txt HTTP/1.1" 404 3798 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.45 - - [22/Feb/2019:10:49:08 +0100] "GET / HTTP/1.1" 200 22306 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
82.202.69.253 - - [22/Feb/2019:11:26:58 +0100] "GET / HTTP/1.1" 200 22226 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
82.202.69.253 - - [22/Feb/2019:11:27:44 +0100] "GET /HNAP1/ HTTP/1.1" 404 3723 "http://ios-example.com/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
program wana (need complete):
#!/bin/bash
cat $5 | # filter rows by time from $2 to $4
This is how i call the program
$ ./wana -a "2019-02-22 09:00:00" -b "2019-02-22 09:44:54" ios-example.com.access.log
I need this selected output to console:
147.229.13.201 - - [22/Feb/2019:09:24:33 +0100] "-" 408 3275 "-" "-"
147.229.13.201 - - [22/Feb/2019:09:24:33 +0100] "-" 408 3275 "-" "-"
198.27.69.191 - - [22/Feb/2019:09:43:13 +0100] "GET / HTTP/1.1" 200 22311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:43:24 +0100] "GET / HTTP/1.1" 200 22313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:43:42 +0100] "GET /?gf_page=upload HTTP/1.1" 200 22304 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:44:07 +0100] "GET / HTTP/1.1" 200 22313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:44:37 +0100] "GET /?up_auto_log=true HTTP/1.1" 200 22315

$ cat tst.sh
#!/bin/env bash
beg="$2"
end="$4"
file="$5"
awk -v beg="$beg" -v end="$end" '
{
split($4,t,/[[\/:]/)
mthNr = (index("JanFebMarAprMayJunJulAugSepOctNovDec",t[3])+2)/3
cur = sprintf("%04d-%02d-%02d %02d:%02d:%02d",t[4],mthNr,t[2],t[5],t[6],t[7])
}
(cur > beg) && (cur < end)
' "$file"
$ ./tst.sh -a '2019-02-22 09:00:00' -b '2019-02-22 09:44:54' file
147.229.13.201 - - [22/Feb/2019:09:24:33 +0100] "-" 408 3275 "-" "-"
147.229.13.201 - - [22/Feb/2019:09:24:33 +0100] "-" 408 3275 "-" "-"
198.27.69.191 - - [22/Feb/2019:09:43:13 +0100] "GET / HTTP/1.1" 200 22311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:43:24 +0100] "GET / HTTP/1.1" 200 22313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:43:42 +0100] "GET /?gf_page=upload HTTP/1.1" 200 22304 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:44:07 +0100] "GET / HTTP/1.1" 200 22313 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
198.27.69.191 - - [22/Feb/2019:09:44:37 +0100] "GET /?up_auto_log=true HTTP/1.1" 200 22315 "-" "Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0"
I expect you can add the getopts loop or whatever you like to really populate the variables from the arguments.

Something wrong with chef server

We are trying to setup chef infrastructure in our environment .
Till now I have install chef server 11.0 and have configured it, but while trying to access web interface with default credentials I'm getting following error,
we're sorry but something went wrong
following is some content of access.log file at /var/nginx/access.log
10.11.60.29 - - [25/Aug/2016:00:03:49 -0700] "GET /users/login HTTP/1.1" 304 "0.016" 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.016" "-" "-" "-" "-" "-" 680
10.11.60.29 - - [25/Aug/2016:00:03:50 -0700] "GET /assets/application-34d2931a4024e71f18837a713e905ef6.css HTTP/1.1" 304 "0.004" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.004" "-" "-" "-" "-" "-" 771
10.11.60.29 - - [25/Aug/2016:00:03:50 -0700] "GET /assets/application-39449c5463355a4c86a07971a900b9f4.js HTTP/1.1" 304 "0.272" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.003" "-" "-" "-" "-" "-" 755
10.11.60.29 - - [25/Aug/2016:00:03:51 -0700] "GET /assets/facebox/loading.gif HTTP/1.1" 304 "0.013" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.013" "-" "-" "-" "-" "-" 757
10.11.60.29 - - [25/Aug/2016:00:03:51 -0700] "GET /assets/facebox/closelabel.gif HTTP/1.1" 304 "0.018" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.018" "-" "-" "-" "-" "-" 760
10.11.60.29 - - [25/Aug/2016:00:03:52 -0700] "GET /assets/facebox/tl.png HTTP/1.1" 304 "0.796" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.016" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:03:52 -0700] "GET /assets/facebox/br.png HTTP/1.1" 304 "0.016" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.016" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:03:52 -0700] "GET /assets/facebox/b.png HTTP/1.1" 304 "0.806" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.026" "-" "-" "-" "-" "-" 795
10.11.60.29 - - [25/Aug/2016:00:03:52 -0700] "GET /assets/facebox/tr.png HTTP/1.1" 304 "0.812" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.032" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:03:52 -0700] "GET /assets/facebox/bl.png HTTP/1.1" 304 "0.816" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.037" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:04:02 -0700] "POST /users/login_exec HTTP/1.1" 500 "0.027" 643 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "500" "0.027" "-" "-" "-" "-" "-" 855
10.11.60.29 - - [25/Aug/2016:00:14:48 -0700] "GET /users/login HTTP/1.1" 304 "0.189" 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.186" "-" "-" "-" "-" "-" 680
10.11.60.29 - - [25/Aug/2016:00:14:49 -0700] "GET /assets/application-39449c5463355a4c86a07971a900b9f4.js HTTP/1.1" 304 "0.006" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.006" "-" "-" "-" "-" "-" 755
10.11.60.29 - - [25/Aug/2016:00:14:49 -0700] "GET /assets/application-34d2931a4024e71f18837a713e905ef6.css HTTP/1.1" 304 "0.567" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.008" "-" "-" "-" "-" "-" 771
10.11.60.29 - - [25/Aug/2016:00:14:49 -0700] "GET /assets/facebox/loading.gif HTTP/1.1" 304 "0.010" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.010" "-" "-" "-" "-" "-" 757
10.11.60.29 - - [25/Aug/2016:00:14:49 -0700] "GET /assets/facebox/closelabel.gif HTTP/1.1" 304 "0.051" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.051" "-" "-" "-" "-" "-" 760
10.11.60.29 - - [25/Aug/2016:00:14:50 -0700] "GET /assets/facebox/b.png HTTP/1.1" 304 "0.175" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.007" "-" "-" "-" "-" "-" 795
10.11.60.29 - - [25/Aug/2016:00:14:50 -0700] "GET /assets/facebox/tl.png HTTP/1.1" 304 "0.175" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.007" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:14:50 -0700] "GET /assets/facebox/bl.png HTTP/1.1" 304 "0.010" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.010" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:14:50 -0700] "GET /assets/facebox/tr.png HTTP/1.1" 304 "0.012" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.012" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:14:50 -0700] "GET /assets/facebox/br.png HTTP/1.1" 304 "0.233" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.006" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:14:55 -0700] "-" 400 "5.473" 0 "-" "-" "-" "-" "-" "-" "-" "-" "-" "-" 0
10.11.60.29 - - [25/Aug/2016:00:15:09 -0700] "POST /users/login_exec HTTP/1.1" 500 "0.321" 643 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "500" "0.321" "-" "-" "-" "-" "-" 846
10.11.60.29 - - [25/Aug/2016:00:20:26 -0700] "GET / HTTP/1.1" 302 "0.356" 108 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "302" "0.161" "-" "-" "-" "-" "-" 592
10.11.60.29 - - [25/Aug/2016:00:20:27 -0700] "GET /users/login HTTP/1.1" 200 "0.175" 1133 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "200" "0.175" "-" "-" "-" "-" "-" 866
10.11.60.29 - - [25/Aug/2016:00:20:28 -0700] "GET /assets/facebox/closelabel.gif HTTP/1.1" 304 "0.010" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.010" "-" "-" "-" "-" "-" 950
10.11.60.29 - - [25/Aug/2016:00:20:28 -0700] "GET /assets/facebox/loading.gif HTTP/1.1" 304 "2.304" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.078" "-" "-" "-" "-" "-" 947
10.11.60.29 - - [25/Aug/2016:00:20:28 -0700] "GET /assets/facebox/tl.png HTTP/1.1" 304 "0.164" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.008" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:20:29 -0700] "GET /assets/facebox/br.png HTTP/1.1" 304 "0.010" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.010" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:20:29 -0700] "GET /assets/facebox/b.png HTTP/1.1" 304 "0.466" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.010" "-" "-" "-" "-" "-" 985
10.11.60.29 - - [25/Aug/2016:00:20:29 -0700] "GET /assets/facebox/bl.png HTTP/1.1" 304 "0.418" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.013" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:20:29 -0700] "GET /assets/facebox/tr.png HTTP/1.1" 304 "0.720" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.016" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:20:47 -0700] "POST /users/login_exec HTTP/1.1" 500 "0.126" 643 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "500" "0.126" "-" "-" "-" "-" "-" 1062
10.11.60.29 - - [25/Aug/2016:00:27:38 -0700] "GET / HTTP/1.1" 302 "0.100" 108 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "302" "0.093" "-" "-" "-" "-" "-" 808
10.11.60.29 - - [25/Aug/2016:00:27:38 -0700] "GET /users/login HTTP/1.1" 304 "0.025" 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.025" "-" "-" "-" "-" "-" 866
10.11.60.29 - - [25/Aug/2016:00:27:39 -0700] "GET /assets/facebox/closelabel.gif HTTP/1.1" 304 "0.008" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.008" "-" "-" "-" "-" "-" 950
10.11.60.29 - - [25/Aug/2016:00:27:40 -0700] "GET /assets/facebox/tl.png HTTP/1.1" 304 "0.841" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.008" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:27:40 -0700] "GET /assets/facebox/b.png HTTP/1.1" 304 "0.845" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.012" "-" "-" "-" "-" "-" 985
10.11.60.29 - - [25/Aug/2016:00:27:40 -0700] "GET /assets/facebox/loading.gif HTTP/1.1" 304 "0.849" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.016" "-" "-" "-" "-" "-" 947
10.11.60.29 - - [25/Aug/2016:00:27:40 -0700] "GET /assets/facebox/bl.png HTTP/1.1" 304 "0.852" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.020" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:27:40 -0700] "GET /assets/facebox/br.png HTTP/1.1" 304 "0.026" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.026" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:27:40 -0700] "GET /assets/facebox/tr.png HTTP/1.1" 304 "0.859" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.027" "-" "-" "-" "-" "-" 986
10.11.60.29 - - [25/Aug/2016:00:27:54 -0700] "POST /users/login_exec HTTP/1.1" 500 "0.275" 643 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "500" "0.275" "-" "-" "-" "-" "-" 1062
10.11.60.29 - - [25/Aug/2016:00:28:25 -0700] "GET /users/login HTTP/1.1" 200 "0.022" 1062 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "200" "0.022" "-" "-" "-" "-" "-" 896
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/application-34d2931a4024e71f18837a713e905ef6.css HTTP/1.1" 304 "0.003" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.003" "-" "-" "-" "-" "-" 771
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/application-39449c5463355a4c86a07971a900b9f4.js HTTP/1.1" 304 "0.005" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.005" "-" "-" "-" "-" "-" 755
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/facebox/closelabel.gif HTTP/1.1" 304 "0.004" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.004" "-" "-" "-" "-" "-" 760
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/facebox/loading.gif HTTP/1.1" 304 "0.007" 0 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.007" "-" "-" "-" "-" "-" 757
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/facebox/tl.png HTTP/1.1" 304 "0.009" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.009" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/facebox/tr.png HTTP/1.1" 304 "0.014" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.014" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/facebox/bl.png HTTP/1.1" 304 "0.016" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.016" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/facebox/br.png HTTP/1.1" 304 "0.016" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.016" "-" "-" "-" "-" "-" 796
10.11.60.29 - - [25/Aug/2016:00:28:26 -0700] "GET /assets/facebox/b.png HTTP/1.1" 304 "0.023" 0 "https://10.11.60.29/assets/application-34d2931a4024e71f18837a713e905ef6.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "304" "0.023" "-" "-" "-" "-" "-" 795
10.11.60.29 - - [25/Aug/2016:00:28:35 -0700] "POST /users/login_exec HTTP/1.1" 500 "0.031" 643 "https://10.11.60.29/users/login" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" "127.0.0.1:9462" "500" "0.031" "-" "-" "-" "-" "-" 846

"Caught SIGWINCH, shutting down gracefully" error in Openshift

I'm running Laravel in openshift server (Lamp stack) . My server was offline for past two days. Then, I looked into the error log, It says caught SIGWINCH, shutting down gracefully. But, It didn't give me more details. How to find the reason for the shutdown. I have attached the error log with this question.
- - - [13/Dec/2014:12:06:34 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.15 (Red Hat) (internal dummy connection)"
- - - [13/Dec/2014:12:06:34 -0500] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.15 (Red Hat) (internal dummy connection)"
[Sat Dec 13 12:06:34 2014] [notice] caught SIGWINCH, shutting down gracefully
[Mon Dec 15 01:15:31 2014] [notice] SELinux policy enabled; httpd running as context
unconfined_u:system_r:openshift_t:s0:c6,c126
[Mon Dec 15 01:15:31 2014] [notice] Digest: generating secret for digest authentication ...
[Mon Dec 15 01:15:31 2014] [notice] Digest: done
[Mon Dec 15 01:15:31 2014] [notice] Apache/2.2.15 (Unix) configured -- resuming normal operations
- - - [15/Dec/2014:01:15:32 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:38 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:41 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:44 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:47 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:49 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:52 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:55 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:15:58 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:16:04 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:16:07 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:16:10 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
- - - [15/Dec/2014:01:16:14 -0500] "GET / HTTP/1.0" 302 268 "-" "-"
(98)Address already in use: make_sock: could not bind to address 127.12.49.129:8080
no listening sockets available, shutting down
Unable to open logs
Can anyone please help in finding the reason for the error ?
Thanks in advance.

SIGWINCH is also used by some services that need to restart Apache when rotating logs, nightly jobs, etc.
That doesn't explain the problem you're currently having, but I think it might be something else running on your server that's restarting Apache – or it might not be related to your problem at all.

Resources