I’ve been trying various ways to be able to read and audit the logs from Nextcloud (13.05). I have tried the logviewer but it just doesn’t give enough information. I’ve downloaded the log file and can find the info I’m looking for (user, file accessed, time/date) but I need to be able to submit this to an auditor.
I came across this post: Audit and Forensic Logs.
I followed the guide and it seemed to work: Splunk saw the server and was getting some sort of data (CPU, RAM, users, shares) with no errors. However, it didn’t seem to be getting the data from nextcloud.log to display all the data graphically in the Splunk app for Nextcloud.
I imported the file manually from /mnt/ncdata/nextcloud.log and when I searched I could see the data had imported from the log; however, it still did not display graphically. I wasn’t sure what format the Nextcloud log file was in.
Has anybody else installed Splunk and this app, and if so, is it working? And how did you get it to work correctly?
Or is anybody willing to install it on their own test bench and troubleshoot with me? This looks like an incredible app that lots of people are crying out for, especially for auditing.
I have a spare Nextcloud instance (14.01) for testing so I have no problem trying anything.
In the meantime I’ll keep testing to see if I can get it to work. I will also post a guide here if I’m successful.