: How can you find using apache logs who logged in your server? I have a application that running on apache web server, is there any way under apache logs i can identify name / ip address
I have a application that running on apache web server, is there any way under apache logs i can identify name / ip address of user who logged into the system.
And also the date / time of who last opened or accessed the logs?
More posts by @Barnes591
2 Comments
Sorted by latest first Latest Oldest Best
Your Apache access logs should log the IP address of visitors by default.
If your CMS system handles the login and sets a cookie for the logged in user, you must have Apache log that cookie to be able to see the logged in user. You can do so by modifying the log config with the name of the cookie: %{Foobar}C (where Foobar is the name of the cookie).
For more information about Apache logging, see custom log formats.
It sounds like you might be interested in information logged by ssh. You can usually find information about who got command line access to the server with these commands (source):
grep -ir ssh /var/log/*
grep -ir breakin /var/log/*
grep -ir security /var/log/*
You can also look in the .bash_history files of those users (stored in their home directories) to see what commands have been run.
Keep in mind, that once somebody has access to a command line on your server they may cover their tracks by altering the log files.
Apache by default only logs access and errors, Since accessing a user login authentication is handled by a content management system of some sort that would need to log the entries separately or you set it up to share the access log.
So you will need to get your platform/application logging.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.