Mobile app version of vmapp.org
Login or Join
Barnes591

: How can you find using apache logs who logged in your server? I have a application that running on apache web server, is there any way under apache logs i can identify name / ip address

@Barnes591

Posted in: #Apache #SeoAudit

I have a application that running on apache web server, is there any way under apache logs i can identify name / ip address of user who logged into the system.

And also the date / time of who last opened or accessed the logs?

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Barnes591

2 Comments

Sorted by latest first Latest Oldest Best

 

@Megan663

Your Apache access logs should log the IP address of visitors by default.

If your CMS system handles the login and sets a cookie for the logged in user, you must have Apache log that cookie to be able to see the logged in user. You can do so by modifying the log config with the name of the cookie: %{Foobar}C (where Foobar is the name of the cookie).

For more information about Apache logging, see custom log formats.

It sounds like you might be interested in information logged by ssh. You can usually find information about who got command line access to the server with these commands (source):

grep -ir ssh /var/log/*
grep -ir breakin /var/log/*
grep -ir security /var/log/*


You can also look in the .bash_history files of those users (stored in their home directories) to see what commands have been run.

Keep in mind, that once somebody has access to a command line on your server they may cover their tracks by altering the log files.

10% popularity Vote Up Vote Down


 

@Radia820

Apache by default only logs access and errors, Since accessing a user login authentication is handled by a content management system of some sort that would need to log the entries separately or you set it up to share the access log.

So you will need to get your platform/application logging.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme