How can I track IP connections?

The Basics

• Nextcloud Server version (e.g., 29.x.x):
  • 31.0.3
• Operating system and version (e.g., Ubuntu 24.04):
  • Software as a Service

Summary of the issue you are facing:

I have to track remote connections, so I have to know source remote IP addresses.
How can I track them?
I also enabled GeoIP app, but I do not find details concerning remote IP connections and country details.

There are not reverse proxies.
I cannot manage other devices in this infrastrcuture.
I simply need to know source remote IP directly from NextCloud.

Log entries

I tried to see logs from the web interface.
I did not find details under “Activity”.
Moreover I did not see details within “Administration > Logging”

How can I solve this issue?

Maybe the Audit log is what you are looking for.

nextcloud.log itself contains information about remote address but log reader is maybe not the best tool to extract it:

image1342×799 105 KB

Interesting, I need to investigate this configuration!

I expected a easier way to get remote IP addresses attempted to login on NextCloud platform using the web interface.
In my scenario, I dont’ have access to the Linux server terminal.
Furthermore, I do not see a log easily as to whether a successful login has taken place.
I currently see a few login attempts.

I expected more details after GeoFiltering app deployment (for example the source country code).

Thansk for your help!

The usefulness of IP tracking or GeoIP apps is quite limited. Problem is e.g. VPN. It’s practically useless for safety. You need 2FA for that, for example. I don’t think professionals look at ip addresses at all. They either use automated tools for filtering or 2FA.

If you want to have a quick look, you can of course look at the webserver logs and have the corresponding APNs and subnets searched out, for example. But also APNs and subnets must not really show the geo location of the client.

We have already implemented MFA for our user.
We prefer to have GeoFiltering and IP tracking too, just to collect more details about connections.

If the use of ‘Admin audit log’ can help collect information about successful logins or failed logins I will implement the configuration.

Thanks a lot
Federico

I don’t use any Geo-Filtering on my NextCloud, I use my firewall for that.

If you don’t use Cloudflare, I’d suggest then using a Reverse Proxy server with Fail2Ban or other IP Filtering. You can filter through the Reverse Proxy for the IPs you don’t want connecting to your stuff, making your NextCloud host more performant since it doesn’t need to worry about that.

Security is a journey, not a destination. The more layers someone needs to overcome, the better.

But yes, as already mentioned, Geo-Filtering isn’t useful because it’s beyond trivial to make yourself look like you’re in the US when you’re in Belarus for example. It will stop script kiddies running their scripts from their basement, but won’t stop more motivated attackers. Having a multi-level approach to access is always best.