Successful logins logs

Hello!

Analyzing nextcloud logs we have found out there are no logs for successful logins. On the flip side we can see failed attempts. Could you pelase assist us to understand how to configure the log configuration file and what should be additionally done to also receive logs for the successful logins which would be further sent to syslog as per the logs settings.

Nextcloud version - 27.1.3.2
OS RHEL 7
Configuration in the .php file as follow:
‘log_type’ => ‘syslog’,
‘syslog_tag’ => ‘Nextcloud’,
‘logfile’ => ‘’,
‘loglevel’ => 0,
‘log.condition’ =>
array (
‘apps’ =>
array (
0 => ‘admin_audit’,
),
),
);

Thank you!

They should show up in the Admin audit log. Here’s a an example on how a “Login successfull” entry looks like: Logging — Nextcloud latest Administration Manual latest documentation

Afaik, the default location of the audit.log is in the Nextcloud data folder.

If you want to send the Admin audit messages to syslog as well, I’d say you need to add the following lines to your config.php:

"log_type_audit" => "syslog",
"syslog_tag_audit" => "Nextcloud",
"logfile_audit" => "",

See also here: Logging — Nextcloud latest Administration Manual latest documentation

Unrelated (mostly), but this version is very out of date and very much not supported.

@bb77 thanks a lot!!

Do you know if the line "logfile_audit" => "", should be written in addition to ‘logfile’ => "", or replace it. If replaced, won’t we lose any logs?

Good question. I’m not 100% sure, since I don’t send my log messages to syslog, but I’d say that it probably doesn’t matter if the log_type is set to syslog.

In other words, they probably don’t do anything unless log_type is set to file, so I’d say you might as well omit them both.

See also the following snippet from the config.sample.php:

/**
 * Name of the file to which the Nextcloud logs are written if parameter
 * ``log_type`` is set to ``file``.
 *
 * Defaults to ``[datadirectory]/nextcloud.log``
 */
'logfile' => '/var/log/nextcloud.log',

/**
 * Name of the file to which the audit logs are written if parameter
 * ``log_type`` is set to ``file``.
 *
 * Defaults to ``[datadirectory]/audit.log``
 */
'logfile_audit' => '/var/log/audit.log',

Actually, I think it would probably be better to omit them, because if for some reason the log_type were changed back to file, the logs would then be written to the respective files in the default location, which would be your data folder, whereas I don’t know whether this would also be the case if these settings were explicitly defined with an empty value. So the changes of losing logs might actually be higher if you include them like that.

But I guess these are the kind of questions where a separate test instance comes in handy…

Out of curiosity I tested it for you

The following settings are actually enough to send both, the standard and the audit messages to syslog. The logfile or logfile_audit enties in the config.php will then be ignored.

 'log_type' => 'syslog',
 'log_type_audit' => 'syslog',

and

  'log.condition' => 
  array (
    'apps' => 
    array (
      0 => 'admin_audit',
    ),

Conclusions:

• No logfile or logfile_audit entries are needed if log_type and log_type_audit are set to syslog

• If you do have logfile and logfile_audit enties in your config.php they will be ignored, unless you change the log_type and/or log_type_audit settings back to file, in which case the log messages will be sent to the respective files at the locations specified in the logfile and/or logfile_audit settings again.

• If you don’t have any logfile entries in your config.php, or if they are set to empty values, and then change the log_type and/or log_type_audit settings to file, the log messages will be sent to the respective files at the default location, which is in Nextcloud’s data folder.

So you should be safe from losing logs either way.

Hope that clears things up a bit.

Thanks a lot! You are a rockstar!