show user login history with ip address and username used
-
@micro said in show user login history with ip address and username used:
But how can we monitor WebApp logins?
isn’t webapp logging this anymore?
[Wed Mar 08 20:03:24.725781 2017] [:error] [pid 12297] [client aaa.bbb.ccc.ddd:4453] Kopano WebApp user: ysdxfsa: authentication failure at MAPI, referer: https://my.server.at/webapp/?logonhttps://forum.kopano.io/topic/108/how-to-protect-webapp-fail2ban
-
which log file is the line from? in your previous post you said:
The way to find this information for WebApp logins is to query the webserver logging for it.
I am only aware of webservers log mechanism (in my case apache2) which will write the access and error logs in “/var/log/apache/my-customized.log”. But the apache2 log does not contain such lines, they always start with an IP address and look like this:
192.168.0.123 - - [20/Jan/2020:16:49:12 +0100] “POST /kopano.php?subsystem=webapp_8475519283644 HTTP/1.1” 200 597 “https://mykopano.example.tld/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36”
I checked the WebApp admin manual, there is a logging directive which by default is OFF:
define(‘LOG_USER_LEVEL’, LOGLEVEL_OFF);
should I put this to LOGLEVEL_WARN ? which log file is written for WebApp then?
-
@micro said in show user login history with ip address and username used:
which log file is the line from
In the past this was logged into the error.log. But for the WebApp log levels it may be more appropriate to ask in the webapp sub forum.
-
grep -R -i user /var/log/apache/*error*didn’t show any hits. There is no information about “user”. I will try to ask the question on the WebApp sub-forum and point to this thread…
thank you so far Felix
-
maybe try
grep -R -i user /var/log/apache2/* -
@item: please read and think first
-
I don’t know your configuration of apache2 but the default log is at /etc/apache2
and for me grep -R -i user /var/log/apache2/* works and gives output like :/var/log/apache2/error.log.1:[Sun Jan 26 22:41:40.557437 2020] [:error] [pid 18123] [client 192.168.2.72:50142] Kopano WebApp user: georg: authentication failure at MAPI, referer: https://serveraddress/webapp/
rg
Christian -
Hi Chris,
certainly you did mean “…the default log is in /var/log/apache2” :) Thanks for the information, that is correct. But it shows the failed logins.
My question was related to “succeeded” logins to track when, who and which backend was used.
-
anyone else? how can we
- track succeeded logins in Kopano ?
- track access (attach/open) to certain mailboxes (eg. when a user attaches or requests a particular mailbox, other than its own)
?
-
@micro have you checked the audit logging?
-
A bit late, and maybe it’s already mentioned in the thread, but, are you looking for this:
https://forum.kopano.io/topic/2569/logging-of-login-attemts -
@klausade: THANK YOU!
