Logfiles and Integrity Protection

ENG:
We need detailed logs for each uploaded document and its change history. What options does Nextcloud offer regarding integrity protection, especially with respect to exporting this information/logs?

Additionally, is it possible to log in via certificate exchange instead of using a username and password, or is only 2FA available?

GER:
We need detailed logs for every uploaded document and its change history. What options does Nextcloud offer with regard to integrity protection, also with a view to exporting this information/these logs?

Additionally, a question: is it possible to log in via, for example, a certificate exchange instead of user and password, or is only 2FA available?

Are you already working with the → admin_audit log ← ?

It logs AppManagement-, Auth-, Console-, Files-, GroupManagement-, Security-, Sharing-, Trashbin-, UserManagement- and Versions-events in json format, so → easy to filter and reuse in scripts ← .

→ this ← is about logrotation if you want to make your logfiles GDPR compliant.



You need

App-Id: twofactor_webauthn
App-Name: Two-Factor WebAuthn
Summary: WebAuthn two-factor provider
Categories: security
Repository: GitHub - nextcloud/twofactor_webauthn: WebAuthn Two-Factor Provider for Nextcloud
php-Extensions: gmp
NC min/max: 26 / 29
Not-shipped (not included) App available in appstore
Appstore: https://apps.nextcloud.com/apps/twofactor_webauthn

That App implements the FIDO2 Standard with all its benefits (Windows Hello, Apple Face ID etc), not only as second factor but as main login (first factor) as well.


Good luck,
ernolf


I have already used the admin_audit log on my main instance but never at the maximum detail level.

What log level is required to get this information for each uploaded file? And what is the best way to archive these log files? Via a log server?

I’ll check out the WebAuthn App, thanks.

The admin_audit log does not rely on loglevel. It is more a generic logger. You can see the actions → here ←

However, errors that occur during logging itself are logged depending on the log level.

That is totally up to you.
However, if you want to further process and evaluate the audit log events, I would recommend logging them in a separate file and not in Syslog.


ernolf

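Following the suggestions above to filter the JSON audit log in scripts and to keep it in a separate file, this added example (not from the thread or from the Nextcloud project) selects the admin_audit entries for one document and exports them as a SHA-256 hash chain, so later edits to the export are detectable. The sample log lines are constructed, and the hash chain is an assumption of this example, done by the export script rather than by admin_audit.

```python
import hashlib
import json

# Constructed sample in the one-JSON-object-per-line layout; message wording
# varies between Nextcloud versions and is illustrative only.
SAMPLE_LOG = [
    r'{"time":"2024-05-01T10:00:00+00:00","user":"alice","app":"admin_audit","message":"File created: \"/report.odt\""}',
    r'{"time":"2024-05-01T10:00:05+00:00","user":"alice","app":"core","message":"unrelated server log entry"}',
    r'{"time":"2024-05-02T08:30:00+00:00","user":"bob","app":"admin_audit","message":"File written to: \"/report.odt\""}',
    r'{"time":"2024-05-02T09:00:00+00:00","user":"bob","app":"admin_au',  # cut off by rotation
    r'{"time":"2024-05-03T11:15:00+00:00","user":"alice","app":"admin_audit","message":"File created: \"/notes.txt\""}',
]
GENESIS = "0" * 64  # starting value of the chain

def audit_events(lines, path=None):
    """Return admin_audit entries, optionally only those whose message mentions path."""
    events = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if isinstance(entry, dict) and entry.get("app") == "admin_audit":
            if path is None or path in entry.get("message", ""):
                events.append(entry)
    return events

def _link(prev, entry):
    # Canonical serialisation so the digest does not depend on key order.
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + canonical).encode("utf-8")).hexdigest()

def export_chain(entries):
    """Attach to each entry a SHA-256 over the entry and the previous link."""
    records, prev = [], GENESIS
    for entry in entries:
        prev = _link(prev, entry)
        records.append({"entry": entry, "chain": prev})
    return records

def verify_chain(records, head=None):
    """Return -1 if intact, else the index of the first bad record
    (len(records) when only the separately stored head digest disagrees)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        prev = _link(prev, rec["entry"])
        if prev != rec["chain"]:
            return i
    return -1 if head in (None, prev) else len(records)

if __name__ == "__main__":
    export = export_chain(audit_events(SAMPLE_LOG, "/report.odt"))
    print(json.dumps(export, indent=2), verify_chain(export))
```

The last `chain` value has to be kept somewhere the Nextcloud host cannot write to (for example on the log server), because anyone who can rewrite the whole export can also recompute the chain.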

That’s more of a general system administration / enterprise log management question. We can’t really answer that for you (at least not here). It’s not Nextcloud specific.

Nextcloud supports the typical log export types. You can use everything from a simple file-based system… to sending stuff off to an enterprise system like Splunk.

Based on some of your questions, I’m wondering if you truly have the admin_audit log app enabled and functioning. It sounds maybe a bit like you’re just using the normal logging. They’re two independent systems. Please read the page @ernolf linked to. File creation is definitely logged via the audit logging.

We need detailed logs for each uploaded document and its change history. What options does Nextcloud offer regarding integrity protection, especially with respect to exporting this information/logs?

That said, if your needs are more enterprise oriented (kind of sounds like it), you may want to reach out to Nextcloud GmbH (Nextcloud Enterprise: Content collaboration software for enterprises) to discuss your specific needs.