I was looking for a log file where I can see which hosts are connecting on nextcloud but I cant find it.
If I look with lsof I see some logs, but no real time logs whois connecting or am I missing something? :)
The Apache logs are available in /var/snap/nextcloud/current/apache/logs but you're right, there is no access log configured in the snap as far as I know. It'd be easy enough to do by implementing a CustomLog field in httpd.conf.
However, the issue then becomes log rotation in that access logs will quickly grow in size even on small installations as apache doesn鈥檛 handle rotations, so we'd need to consider a solution for this if we were to include access logs configured by default.
If you want to make the changes locally you might want to take a look at (Building your first Nextcloud snap) for some pointers in creating a custom version of the snap.
In the meantime @kyrofa, any thoughts on configuring access logging for the Snap by default? If I get time I鈥檒l have a play around with an implementation over the weekend.
@dutchievj can you clarify what you're looking for? A log of all traffic to the snap? Or a log of people who actually authenticate?
I would like to see what is happening on my server.
I feel I am running a server completely blind now without knowing what is happening.
Would you run a web server Apache based like this? The horror.
The work you do I appreciate allot and from a security point of view, a snap is great, but running it blind is not so great.
Thats why I would like to have access to an access_log and a error_log.
Haha, fair point @dutchievj, support needs to be added. Note that we currently have an error log in /var/snap/nextcloud/current/apache/logs/error_log, but indeed, we're missing an access log. @JamesBream quickly hit on the issue there: this can get big fast. @dutchievj for your purposes, how long of a log would you like? We may want to make this configurable, I expect different folks will have different requirements.
I never knew that apache shipped a rotatelogs executable, so the actual rotation will be easy. We just need to handle cleaning up old logs.
Two weeks for me is good and then rotating it.
On a other note.. perhaps sooner then two weeks would be wise in some installations.
Apache's rotatelogs supports log rotation once the log reaches a given file size which might be at the very least a sensible default to enable this for all users - avoiding the issue of trying to guess how often (in hours/days) the 'average' nextcloud snap user would need to rotate the log to avoid the logs becoming too large.
I do agree that it would be good to allow this to be configured though as I suspect most people interested in this feature probably want logs rotated on a daily/weekly basis with n number of logs retained, for usability reasons.
Any progress in this mater?
Can we expect this in future versions?
Not yet, but you can definitely expect this. The lead-up to an Ubuntu release tends to steal most of my time, but once that's out I'll be taking a look.
Thanks kyrofa!
Offtopic question:
How secure is the snap compared to running nextcloud outside of a snap?
I am trying to debug why mixplorer app cannot connect to my snap instance over webdav. it will be grateful if i can inspect the log in apache , too . Thanks kyrofa
Are we the only people interested in monitoring who is downloading files from our public sharelinks??
No you aren鈥檛, that鈥檚 why I use my own reverse proxy. Example: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
Here is a quick bash script that'll dump all IP addresses accessing shared data, and then performs a reverse DNS lookup.
Now if someone with enough coding skill could put this into nextcloud... (^o^)v
$ sudo grep -i token /var/snap/nextcloud/common/nextcloud/data/nextcloud.log | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq | while read ip; do dig +short -x $ip; done
Thanks kyrofa!
Offtopic question:
How secure is the snap compared to running nextcloud outside of a snap?
My 2 cents but snaps/containers aren't about security, it's about software management.
Employing the usual internet-facing application hygiene would be advisable : up to date patches, strong passwords, firewall rules, etc.
Hi, I am also interested in this feature. Would feel much more comfortable to log access on my nextcloud instance.
Thankyou kyrofa for the good work! Appreciate it.
The basic version of this feature is rotating the log once a week and keeping four weeks' worth. Let's keep an eye on this and adjust if necessary.
Most helpful comment
I would like to see what is happening on my server.
I feel I am running a server completely blind now without knowing what is happening.
Would you run a web server Apache based like this? The horror.
The work you do I appreciate allot and from a security point of view, a snap is great, but running it blind is not so great.
Thats why I would like to have access to an access_log and a error_log.