I just installed nextcloud for testing purposes in our company infrastructure. Before, we tried owncloud for some time, but the lack of an auditing function killed the entire project, so I was really happy to see that nextcloud has this feature from scratch.
But now I can’t find the place where nextcloud writes the auditing log. Am I just blind or is there a trick to find it?
I’m no Linux Pro so please excuse me if this question seems a little stupid dumb
It’s written in the default log of your instance.
Check config/config.php for an entry like:
'logfile' => '/var/www/nextcloud/data/nextcloud.log',
Thanks for your answer. I already located the owncloud.log, but there is no information stored like “user xy share folder zyx” which I thought would be logged by the audit app. Do I have to set it up somehow?
You need to enable the app either via the UI, or via CLI:
sudo -u www-data ./occ app:enable admin_audit
The UI says that the Audit App is enabled:
That is why I am so confused. :-/
What’s the log level you are using? It needs to be at least “Info, …”
Ok, somehow it works now. After using this command and disabling/enabling the App again in the UI it writes the required information in the logfile.
Thank you very much!
Random add here was that I could download a full log (named nextcloud.log) with tons of data, dated since install from the UI but when I went to the nextcloud.log file nothing was there. I kept trying to find where this was… Where was it storing it if not enabled? I’m still trying to get it to populate into the nextcloud.log empty file.
Do you have a separate directory or drive for your data? The logfile is stored under [DATADIRECTORY]/nextcloud.log, not in the data folder within the nextcloud directory. You can change this in your config.php.
I think this audit log needs a special place in the web UI. There should be a separate audit log that’s separated from the “general chatter” in the nextcloud.log. Since auditing is a big topic in a lot of companies, this feature could really use some spicing up. Separate log, log viewer in the web UI, maybe password protection before you can view, backup of the log etc.
Agreed. Any interest in making this happen?
I’d like to see a special area in the UI as well. Currently the output just shows that files were added/deleted but I would like to have more info like the user’s name that did the action.
Also, when using the syslog feature the Logging area in the UI doesn’t work at all, instead it hangs and throws a PHP fileopen() error in the log.
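Separating the audit entries from the “general chatter” in nextcloud.log, as an added example that is not part of any post in this thread and is not Nextcloud's own code. It assumes the log is written one JSON object per line with the fields `app`, `level`, `time`, `user`, `remoteAddr` and `message`; the sample lines are constructed, and the function names are made up for this sketch.

```python
import json
import sys

INFO = 1  # Nextcloud log levels: 0 debug, 1 info, 2 warning, 3 error, 4 fatal

# Constructed sample lines (not real log output); the third one is deliberately broken.
SAMPLE_LOG = [
    '{"reqId":"a1","level":2,"time":"2017-03-01T09:00:01+00:00","remoteAddr":"192.0.2.10",'
    '"user":"--","app":"core","message":"constructed warning"}',
    '{"reqId":"a2","level":1,"time":"2017-03-01T09:00:05+00:00","remoteAddr":"192.0.2.10",'
    '"user":"alice","app":"admin_audit","message":"constructed: folder /reports shared"}',
    'truncated line {"reqId":',
    '{"reqId":"a3","level":1,"time":"2017-03-01T09:01:00+00:00","remoteAddr":"192.0.2.11",'
    '"user":"bob","app":"admin_audit","message":"constructed: login successful"}',
]

def parse(lines):
    """Yield each line that is a JSON object; skip blank or damaged lines."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry

def split_audit(lines, app="admin_audit"):
    """Return (entries written by the audit app, lowest log level seen in the file)."""
    audit, lowest = [], None
    for entry in parse(lines):
        level = entry.get("level")
        if isinstance(level, int) and (lowest is None or level < lowest):
            lowest = level
        if entry.get("app") == app:
            audit.append(entry)
    return audit, lowest

def summarize(lines):
    """One readable line per audit entry, plus a hint when the log level hides them."""
    audit, lowest = split_audit(lines)
    out = ["{} {} ({}) {}".format(e.get("time", "?"), e.get("user", "?"),
                                  e.get("remoteAddr", "?"), e.get("message", ""))
           for e in audit]
    # Heuristic: audit entries are info-level, so a log with nothing at or below
    # info suggests 'loglevel' in config.php is set too high.
    if not audit and lowest is not None and lowest > INFO:
        out.append("no audit entries and nothing at info level: check 'loglevel' in config.php")
    return out

if __name__ == "__main__":
    # Pass the path from the 'logfile' entry in config.php, or run without arguments for the sample.
    source = open(sys.argv[1], encoding="utf-8") if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(summarize(source)))
```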