
Better user logs (i.e. change passwords / logins cpanel / logins whm)

rainboy shared this idea 11 years ago
Needs Feedback

We would really like to see an improvement in the logging. Currently much of the logging can be found in various different log files, with know-how on which scripts are executed and so on, but it would be easier for a system administrator to quickly see who changed a password and from which IP, or which client actually logged into WHM and when.


The need comes from users who complain about their account suddenly not working because they forgot to update one of their many devices using IMAP (i.e. changed it on a computer, but forgot it on their phone and tablet, and get locked out before they know it).


It would however save us lots of time if we could see whether the client did indeed change their password, or whether someone else did this. Now we have to dig through several log files and hope to find the change, but with good logging this could be done in seconds.


Hope you will consider this change.

Replies (9)

1

In most cases, this information (password changes and other activity) is readily found in /usr/local/cpanel/logs/access_log (be it WHM, cPanel, or Webmail password change). However, like most logs, log rotation could mean the relevant information is cycled out from view. I gather this is what resulted in this feature request?


Of course, manual changes outside of cPanel & WHM (directly modifying a password with 'passwd' or literally editing the equivalent passwd file with a new hash) cannot be logged in current form.


It sounds like, however, that a feature request which explicitly logged particular behavior would be useful and fulfill this request. For example, /var/cpanel/accounting.log contains a historical view of all account create/remove actions. Would a similar file that logs specific behaviors in a similar fashion satisfy this feature request?


Again, it still would not be "definitive" since changes outside of cPanel & WHM's mechanisms would not be able to be logged. But, it may introduce further clarity.


If so, what other behaviors (besides password changes) would be deemed useful for this log?

2

Resellers like to have this information about their clients; they don't have access to any log files in root. It would be helpful to see the last logins, from which IPs, and whether they were successful or not.

1

Voted for this feature. In the same way as it's also easy to get e-mail delivery reports directly from exim's logs with the correct skills, it takes time and isn't accessible for non-sysadmins.


Users should be able to view their password changes, logins and any change to their account, like creating a database, deleting an e-mail account, etc. Everything should be accessible in a sort of event log that could be filtered by type of event and corresponding section in cPanel.

1

I voted for this as well. It would be wonderful if this included more detailed logging of cPanel file manager actions as well.

1

It would be great to have this feature

1

Agreed. We just had to do some forensics on a hacked server. Better logs for key events would be super helpful.

1

Absolutely crazy this is still not implemented; much better auditing is really needed.

1

A facility to review the logs and maybe change settings for retention and rotation would be a wonderful tool. There are quite a few places where WHM and cPanel could benefit from having easily accessible user-action audit tools.


I recently opened a feature improvement request somewhat related to this, although it is more focused on the information displayed in cPanel and improving the login data for per-account usage. See here: Login IP Address Improvements.


Adding better log auditing in general would make it much easier for cPanel users who tend to grant access to multiple people to then review the security of their account and audit activity within it.

1

We also need this for auditing!
