If you can judge the IPs these users are coming from, the Apache
other_vhost_access.log depending on your setup there) will output every request made, for example:
cloud.server.org:443 220.127.116.11 - - [09/Jun/2017:19:28:33 +0000] "GET /apps/files/ HTTP/1.1" 200 8304 "https://cloud.server.org/apps/files_pdfviewer/?file=%2Fremote.php%2Fwebdav%2FDocuments%2FDefending%2520Office%2520365%2520Against%2520Denial-of-Service%2520Attacks.pdf" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
The above refers to me opening a file named Defending Office 365 Against Denial of Service Attacks.pdf in Documents
It’s not an app within NC, granted, but it’s an option.
@linucksrox you’re putting too much thought into this, I wouldn’t expect @ToeiRei to divulge any more info. @ToeiRei wants to see when a file is accessed, hence:[quote=“ToeiRei, post:3, topic:13842”]
like pdf files viewed in the pdf viewer - or images
And: [quote=“ToeiRei, post:1, topic:13842”]
track the files users are looking into
Suggest it’s users, not guests. This is like an audit.