v5.3-B167 - Webadmin - audit action

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
jr3151006
Normal user
Normal user
Posts: 31
Joined: 2011-02-03 14:57

v5.3-B167 - Webadmin - audit action

Post by jr3151006 » 2011-09-01 20:48

Hi,

is there a way to identify what user (between users with 'Domain' level permission) deleted an account? Hmail do log for that action in files or database?

* I´m not be able to found a table inside MySQL db allocated to logs, looking for files (D:\hMailServer\Logs\hmailserver_2011-09-01.log) appears to be only for SMTP connectivity/transactions.
* Looking the file 'C:\Inetpub\wwwroot\roundcubemail-0.5.1\ADMIN\config.php' I can see any options for log purpose.

tks,

Renato P

User avatar
dzekas
Senior user
Senior user
Posts: 2486
Joined: 2005-10-13 21:28
Location: Lithuania

Re: v5.3-B167 - Webadmin - audit action

Post by dzekas » 2011-09-01 21:59

You can't get user name, but you can find his/her IP address in your webserver logs.

"GET /somepath/index.php?page=background_account_save&action=delete&domainid=<somenumber>&accountid=<somenumber>" requests delete accounts.

jr3151006
Normal user
Normal user
Posts: 31
Joined: 2011-02-03 14:57

Re: v5.3-B167 - Webadmin - audit action

Post by jr3151006 » 2011-09-01 22:32

Hi dzekas,

tks for quick reply. I found the date/hour from IIS logs and that information regarding PHP action.

* I cant believe that Hmail do not offer logs for situations like that!!!!

tks

User avatar
dzekas
Senior user
Senior user
Posts: 2486
Joined: 2005-10-13 21:28
Location: Lithuania

Re: v5.3-B167 - Webadmin - audit action

Post by dzekas » 2011-09-01 22:46

jr3151006 wrote:* I cant believe that Hmail do not offer logs for situations like that!!!!
Security people like to know lots of things about system changes, but version control is not most efficient storage format.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: v5.3-B167 - Webadmin - audit action

Post by ^DooM^ » 2011-09-01 23:10

jr3151006 wrote:* I cant believe that Hmail do not offer logs for situations like that!!!!
Nobody needed it until now and I don't see your feature request asking for it prior to you requiring it either ;)
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

jr3151006
Normal user
Normal user
Posts: 31
Joined: 2011-02-03 14:57

Re: v5.3-B167 - Webadmin - audit action

Post by jr3151006 » 2011-09-01 23:24

Ok ^Doom^,

you are right and then I´m wrong thinking that a security issue could be happen for any users from Hmail server - anywhere! To me do log about success/failure of logon/action is 'the basic'. But if you never faced an issue like that, you are a lucky man! :wink:

>>>>>>>> I will ask that feature. You can believe!

tks,

to everyone.

Post Reply