Login logs for owncloud server


Where do I see login logs?
I can't seem to find them.


There is no such log, I think.

But you can go to the Users page settings and enable Show Last Login.


Where exactly in settings is that? I don't see it.


On the Users page, click on the small gearwheel at the bottom left.


Thanks. (I'm not concerned with legit users.)

My concern is how to catch unauthorized logins. For example, in settings/general I see logs, and when I download the log I see some entries with user app



I suggest having a look at this app:




When I do a wrong login on my ownCloud 10.0.9 installation, I get the following entry in my data/owncloud.log:

{"reqId":"YpIso7dpJyN9wyIWPtkk","level":2,"time":"2018-09-06T17:32:21+01:00","remoteAddr":"","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'test' (Remote IP: '')"}



I see some myself and it is not me.
So it appears they tried using IP lol

"reqId":"VFwRqz8t59ZrZ5luD6h0","level":2,"time":"2018-09-06T05:06:02+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to acce$
{"reqId":"v3J1AELHIbPiGDUguILf","level":2,"time":"2018-09-06T06:36:07+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access$
{"reqId":"lW13RCicUNRkBzNcjuir","level":2,"time":"2018-09-06T06:53:25+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access u$
{"reqId":"Atta5IDCPqNuVLIvbGmG","level":2,"time":"2018-09-06T08:00:47+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access u$
{"reqId":"RvMBftouqbPUu1Pvmixu","level":2,"time":"2018-09-06T08:05:23+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access usi$
{"reqId":"wddhOUODK61Gcri4mGDl","level":2,"time":"2018-09-06T08:11:44+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access u$
{"reqId":"6wYnDBzhxU93rCe8rU0p","level":2,"time":"2018-09-06T09:03:27+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access u$
{"reqId":"7mwf9TSij3hDcqFqolAL","level":2,"time":"2018-09-06T09:58:38+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access u$
{"reqId":"fDwqfAo5s3waGkr9T5xC","level":2,"time":"2018-09-06T11:08:14+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access$
{"reqId":"BPeMaMrs5nn07XNheZ8r","level":2,"time":"2018-09-06T11:55:39+00:00","remoteAddr":"","user":"--","app":"core","method":"GET","url":"/","message":"Trusted domain error. "" tried to access$
{"reqId":"esilpuDt1cCln10to6GA","level":1,"time":"2018-09-06T16:06:53+00:00","remoteAddr":"","user":"--","app":"cron","method":"GET","url":"/cron.php","message":"Invalidating tokens older than 2018-



I think the "Trusted domain error" is something different and isn't related to failed logins.


Does that log entry mean the user already logged in?


From what I know and have read here:


The requests have tried to access your ownCloud installation from a not-allowed domain / IP and are generally blocked without even reaching the login page.


The way you explained trusted domain, my understanding is that it has nothing to do with the source IP (the "from" IP) but with the target domain.
For example, as trusted domains I have my local IP and my DNS name foo.foo.com,
meaning if someone tries to access via my public IP it fails.
So now this log entry is confusing to me.


I think I already saw this in one of your earlier topics: you don't post the entire message text; it's terminated/cut with a $-sign for some reason. Not a heavy problem so far, but the full log message would be appreciated.

I saw various IPs in your log snippet. Did you configure your list of trusted domains? Or are all of these accesses unwanted?


As I said above about trusted domains (my understanding is that it is how people access it),
I have 2 entries: my local IP and myserver.com.

So all those are unwanted. I confirmed this by trying to connect to my server using the IP address; it fails with untrusted domain and I can see a similar entry in the log.


AFAIK, if you want to connect by IP or by domain name, you have to add both to the array of trusted domains.


Agreed. My point is that those entries seem to be someone trying to access my server via IP. Glad they failed and trusted domain is working.


If you have a lot of such unwanted trials, I would have a look at a tool like denyhosts.
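
As an added example (not posted by anyone in this thread): a small Python summarizer for the two kinds of owncloud.log entries discussed above, counting "Login failed" and "Trusted domain error" messages per source IP and tolerating cut-off lines. The sample lines, the IP addresses and the `threshold` parameter are constructed for illustration; the message formats are assumed to match the entries quoted in the thread.

```python
import json
import re
from collections import Counter

# Constructed sample in the owncloud.log shape quoted in this thread. IPs are
# documentation addresses; the last line is cut off with "$" on purpose.
SAMPLE_LOG = r'''
{"reqId":"c1","level":2,"time":"2018-09-06T05:06:02+00:00","remoteAddr":"192.0.2.44","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"192.0.2.44\" tried to access using \"198.51.100.20\" as host."}
{"reqId":"c2","level":2,"time":"2018-09-06T06:36:07+00:00","remoteAddr":"192.0.2.44","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"192.0.2.44\" tried to access using \"198.51.100.20\" as host."}
{"reqId":"c3","level":2,"time":"2018-09-06T17:32:21+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'test' (Remote IP: '203.0.113.7')"}
{"reqId":"c4","level":2,"time":"2018-09-06T17:32:25+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"c5","level":2,"time":"2018-09-06T17:32:29+00:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"c6","level":2,"time":"2018-09-06T18:01:10+00:00","remoteAddr":"","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'bob' (Remote IP: '198.51.100.9')"}
{"reqId":"c7","level":1,"time":"2018-09-06T16:06:53+00:00","remoteAddr":"","user":"--","app":"cron","method":"GET","url":"\/cron.php","message":"Constructed informational entry"}
{"reqId":"c8","level":2,"time":"2018-09-06T19:00:00+00:00","remoteAddr":"192.0.2.44","user":"--","app":"core","method":"GET","url":"\/","message":"Trusted domain error. \"192.0.2.44\" tried to acce$
'''

LOGIN_FAILED = re.compile(r"Login failed: '(?P<user>.*)' \(Remote IP: '(?P<ip>[^']*)'\)")

def summarize(log_text, threshold=3):
    """Count failed logins and trusted-domain rejections per source IP."""
    failed, untrusted, users, skipped = Counter(), Counter(), {}, 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            entry = json.loads(line)
            msg = str(entry["message"])
        except (ValueError, TypeError, KeyError):
            skipped += 1  # truncated or non-JSON line: count it, keep going
            continue
        m = LOGIN_FAILED.match(msg)
        if m:
            # Prefer the structured field; fall back to the IP in the message.
            ip = entry.get("remoteAddr") or m.group("ip") or "unknown"
            failed[ip] += 1
            users.setdefault(ip, set()).add(m.group("user"))
        elif msg.startswith("Trusted domain error."):
            untrusted[entry.get("remoteAddr") or "unknown"] += 1
    return {
        "failed": dict(failed),
        "users": {ip: sorted(names) for ip, names in users.items()},
        "untrusted": dict(untrusted),
        "flagged": sorted(ip for ip, n in failed.items() if n >= threshold),
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

To run it against a real installation, pass the contents of data/owncloud.log to `summarize()` instead of `SAMPLE_LOG`; a non-zero `skipped` count means some lines were cut off or are not valid JSON.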