Hello everyone
I’m currently using nextcloud 25, which I’m going to update this week.
I would like to know, if it’s possible, what commands to type to be able to extract all connection attempts, connection/login errors etc… and possibly output a report from the Suspicious Login plug-in, to generate a security report to give to my management.
Many thanks in advance.
Best regards
You can see the last login:
The suspicious login app is not supported in current releases (only up to NC 25):
Thank you
the big problem is that I can’t see all the connections in a single command like “sudo -u www-data php occ user:lastseen user” or “sudo -u www-data php occ user:lastseen *”.
I am therefore obliged to launch the same command one by one for my 60 ldap users and 150 local users (I don’t want to imagine the work involved for large nextcloud servers with more than 1000 users.), and only for check the most recent login, not all login over 1 month, for example , and then there’s no function allowing me to check connection attempts over 1 month or only 1 week.
You could setup the: Admin Audit Log and send the data to an external log management software like e.g. https://graylog.org/products/source-available/
Larger organizations typically use external log servers with dedicated tools (like the one mentioned in the example above) to manage their application logs.
Have you tried → nc-who ← ? I don’t know to what extent it can cope with ldap backend but it would be worth a try.
I hope that helps,
much luck!
thank you both, I will study these two solutions
I think it’s a shame that this security analysis/report part is not included as standard in nextcloud, at a time when we need to be more than vigilant on this point.