Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicFile Management
Properties
Category File Management
Tags file manager, transfer_log

Built-in filemanager "transfer log"

Csurgi shared this idea 9 years ago
Open Discussion

It's would be very useful if the built-in filemanagers generate a transfer-log like pureftpd about the file creation/delete/etc. events.

33 I like this idea 0  

Replies (4)

photo
1
hbouma 8 years ago

Yes, this would help track down which IP uploaded what malware file to the server (or what size it was at the time to help determine if it was already infected or not), or how did xyz file get removed off the account. We get that type of question all the time and when the file manager doesn't log file operations, it makes it more difficult to track down.

Reply
photo
1
benny@cpanel.net 8 years ago

This feature could definitely help with that, but I wanted to also mention that it should be possible to do these things as the server administrator by looking at the cPanel and system logs on the command line.

photo
1
hbouma 8 years ago

The access logs in cPanel shows some of the activity for the file manager, but it can be obscure over what actions are taking place. Such as below where I can see files are being uploaded, but its not clear which ones:


  1. 00.11.22.33 - user [04/15/2016:12:54:08 -0000] "POST /cpsess9267138266/json-api/cpanel HTTP/1.1" 200 0 "htt\ps://cpanel1.example.com:2083/cpsess9267138266/frontend/x3/filemanager/upload-ajax.html?file=&fileop=&dir=%2Fhome%2Fuser%2Fpublic_html%2Falbum%2Fphotos%2FRam+Nabami+2016&dirop=&charset=&file_charset=&baseurl=&basedir="; "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.5 Safari/537.36" "s" "-" 2083

    00.11.22.33 - user [04/15/2016:12:55:41 -0000] "POST /cpsess9267138266/json-api/cpanel HTTP/1.1" 200 0 "htt\ps://cpanel1.example.com:2083/cpsess9267138266/frontend/x3/filemanager/upload-ajax.html?file=&fileop=&dir=%2Fhome%2Fuser%2Fpublic_html%2Falbum%2Fphotos%2FRam+Nabami+2016&dirop=&charset=&file_charset=&baseurl=&basedir="; "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.5 Safari/537.36" "s" "-" 2083

    Or such in this case, I know the file, but it doesn't show the size:

    00.11.22.33 - user [04/05/2016:11:29:06 -0000] "POST /cpsess2886009166/json-api/cpanel HTTP/1.1" 200 0 "htt\ps://cpanel1.example.com:2083/cpsess2886009166/frontend/rvneo/filemanager/

    upload-ajax.html?file=wp-config.php&fileop=&dir=%2Fhome%2Fuser%2Fpublic_html%2Fwp-content%2Fuploads&dirop=&charset=&file_charset=utf-8&baseurl=&basedir="

    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/47.0.2526.73 Chrome/47.0.2526.73 Safari/537.36" "s" "-" 2083

So I can't tell if they're uploading a clean file or one that is already infected. Unless this information is also being logged in another location...

Hal

photo
photo
1
samuelmf 8 years ago

Will be good if the tracking log includes more than ip, it must be include geoip, info about the pc the user used to delete, upload or edit the files and maybe a couple more of details, to help us to track better the users activity.

Reply
photo
1
Карлос Кастанеда 8 years ago

First of all - we desperately need exact filename of files whicha are upliading via FileMnager and renaming log as well!

Reply
photo
2
Prakash Elsner 4 years ago

Built-in filemanager "transfer log" "rename log" "create log" "delete log" is must needed.

Reply
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.