CyberHosting

Improved logging and standardized log paths

Log related Improvement suggestions.


Better access logs for Authentication to the Admin/client login page :8090 and to the API who did what from where and when

Maybe something like?
/usr/local/CyberCP/logs/login_log
192.168.0.20 - Username [07/10/2013:18:43:00 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN lscpd: Username password hash is missing from system (Username probably does not exist)
192.168.0.21 - Username [07/10/2013:18:43:14 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN lscpd: Username password hash is missing from system (Username probably does not exist)
192.168.0.22 - Username [07/15/2013:16:21:50 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN lscpd: Username password incorrect


User activity logs of things done in Cyberpanel adding deleting email ftp accounts etc
/usr/local/CyberCP/logs/client_activity_log
192.168.0.20 - example [10/08/2016:13:37:32 -0000] "GET //index.html HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "s" "-" 2083

Rainloop webmail authentification/error logs
/usr/local/CyberCP/logs/rainloop

Suggestions to standardized the log file locations so that they are accessible in the same location across Centos and Ubuntu. This can be easily done via symlinks created upon install/upgrade if missing.

Possibly set up a symlink on Ubuntu for the common log locations
ln -s source_file myfile

Centos sshd auth Ubuntu path
/var/log/secure > /var/log/auth.log

Centos email log Ubuntu path
/var/log/maillog > /var/log/mail.log

Centos Kernel Ubuntu kernel and general logs
/var/log/messages > /var/log/syslog


Suggested symlinks
ln -s /var/log/auth.log /var/log/secure
ln -s /var/log/mail.log /var/log/maillog
ln -s /var/log/syslog /var/log/messages


Example:
Link the Ubuntu path to the universal centos one. So if someone is looking online at the log locations they can find it either way easily.
root@ols:~# ln -s /var/log/auth.log /var/log/secure

root@ols:~# ls -l /var/log/secure
lrwxrwxrwx 1 root root 17 Oct 8 13:53 /var/log/secure -> /var/log/auth.log
root@ols:~# tail -f /var/log/secure
Oct 8 13:53:48 ols sshd[13842]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.101 user=root
Oct 8 13:53:48 ols sshd[13844]: Connection closed by 103.228.114.21 port 53226 [preauth]
Tagged:
Tagged:
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!