I have recently installed Nextcloud for a small group. I would like to be able to log the successful logins as well as failed logins.
I saw an older post (How to log successful logins) that says the “Auditing/Logging” app should provide this feature but I have that app enabled (as per default settings) and I also changed the nextcloud/config/config.php file loglevel to 1 and also tried it at 0 for debug level, but it did not log the successful logins.
I have my nextcloud logs in a file /var/nc_data/nextcloud.log
Is there something else that I need to enable or change in the configuration to be able to get the successful logins and other data such as how long logged in, etc.?
Thank you in advance
Nextcloud version 16.0.1
Operating system and version Ubuntu 18.04
Apache or nginx version - nginx 1.17.0
PHP version 7.3.6-1
Are you saying there is no way to see successful logins?
I am already able to see the failed logins.
I want to be able to see the successful logins and it appears the program has done that in the past. Is there a way to still do that with the current version?
At least I did not found how. Only what I can see requests already after login, but it does not give you any information if user just logged in, or did used previously open session.
I believe you can try to enable
and check audit.log afterwards under your data folder.
Since v14, failed logins are logged in nextcloud.log and successful logins are logged in audit.log.
Except for not looking in the audit.log file, you’ve probably done everything else correctly. If in doubt, the installation guide for the “Splunk App for Nextcloud” contains the steps necessary to configure Nextcloud to log both. You can access it here: https://intranet.graabek.com/cloud/index.php/s/Lc9oXkaWNmQHBqG
Just read page 4 only as the rest is about how to get a Splunk server up and running to monitor a Nextcloud server once it (the Nextcloud server) has been configured to log correctly.
I am seeing the successful logins in the audit.log file
Are there any easy methods for being able to see how long someone is logged in and what they did while logged in - such as upload or download a file or have a conversation in the Talk app?
Is there more detailed instructions of how to get the user’s activity combined with webserver logfiles on Nextcloud’s site or any other site?
Or do you have any detailed step by step instructions of how to do this?
One thing I am also interested in being able to determine is when a user starts a Talk conversation; when and how many other people join the conversation and how long the conversation is.
I’m using an ELK stack with Filebeat for log files retrieving and getting metrics. I don’t know anything about Talk and it’s logging capabilities. Sorry
It is certainly possible to see what they did and when they did it, but for how long is more challenging.
The what and when can be answered by the “Splunk App for Nextcloud”. You can see some sample dashboards here: https://splunkbase.splunk.com/app/3398/
It does not (yet) report on anything to do with the Talk app.
The file from J-Doc was a good start for me.
I added a few things to it GitHub - marcohald/filebeat-nextcloud
I thought i post it here because this Thread is very high listed in my Google Search