Login logs for owncloud server


#1

where do i see login logs.
i cant seem to find them


#2

There is no such log, I think.

But you can go to the Users-Page Settings ans enable Show Last Login.


#3

where exactly in settings is that don’t see it


#4

On Users page, click on the small gearwheel down left.


#5

thanks . (not to concern with legit user)

my concern is how to catch un-authorize logins. example in settings/general i see logs and when i download the log i see some entries with user app

:“103.109.111.34”,“user”:"–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:"T


#6

I suggest having a look at this app:

https://marketplace.owncloud.com/apps/security


#7

Hey,

when i’m doing a wrong login at my ownCloud 10.0.9 installation i’m getting the following entry in my data/owncloud.log:

{"reqId":"YpIso7dpJyN9wyIWPtkk","level":2,"time":"2018-09-06T17:32:21+01:00","remoteAddr":"192.168.0.3","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'test' (Remote IP: '192.168.0.3')"}

#8

Interesting

i see some myself and is not me :slight_smile:
so appears they tried using IP lol

“reqId”:“VFwRqz8t59ZrZ5luD6h0”,“level”:2,“time”:“2018-09-06T05:06:02+00:00”,“remoteAddr”:“188.169.229.190”,“user”:"–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “188.169.229.190” tried to acce$
{“reqId”:“v3J1AELHIbPiGDUguILf”,“level”:2,“time”:“2018-09-06T06:36:07+00:00”,“remoteAddr”:“177.39.129.248”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “177.39.129.248” tried to access$
{“reqId”:“lW13RCicUNRkBzNcjuir”,“level”:2,“time”:“2018-09-06T06:53:25+00:00”,“remoteAddr”:“2.187.162.158”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “2.187.162.158” tried to access u$
{“reqId”:“Atta5IDCPqNuVLIvbGmG”,“level”:2,“time”:“2018-09-06T08:00:47+00:00”,“remoteAddr”:“31.47.103.165”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “31.47.103.165” tried to access u$
{“reqId”:“RvMBftouqbPUu1Pvmixu”,“level”:2,“time”:“2018-09-06T08:05:23+00:00”,“remoteAddr”:“118.97.26.21”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “118.97.26.21” tried to access usi$
{“reqId”:“wddhOUODK61Gcri4mGDl”,“level”:2,“time”:“2018-09-06T08:11:44+00:00”,“remoteAddr”:“179.98.198.13”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “179.98.198.13” tried to access u$
{“reqId”:“6wYnDBzhxU93rCe8rU0p”,“level”:2,“time”:“2018-09-06T09:03:27+00:00”,“remoteAddr”:“103.84.147.33”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “103.84.147.33” tried to access u$
{“reqId”:“7mwf9TSij3hDcqFqolAL”,“level”:2,“time”:“2018-09-06T09:58:38+00:00”,“remoteAddr”:“190.69.26.106”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “190.69.26.106” tried to access u$
{“reqId”:“fDwqfAo5s3waGkr9T5xC”,“level”:2,“time”:“2018-09-06T11:08:14+00:00”,“remoteAddr”:“168.195.85.227”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “168.195.85.227” tried to access$
{“reqId”:“BPeMaMrs5nn07XNheZ8r”,“level”:2,“time”:“2018-09-06T11:55:39+00:00”,“remoteAddr”:“103.212.91.207”,“user”:”–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “103.212.91.207” tried to access$
{“reqId”:“esilpuDt1cCln10to6GA”,“level”:1,“time”:“2018-09-06T16:06:53+00:00”,“remoteAddr”:“192.168.1.9”,“user”:”–",“app”:“cron”,“method”:“GET”,“url”:"/cron.php",“message”:"Invalidating tokens older than 2018-


#9

Hey,

i think the “Trusted domain error” is something different and isn’t related to failed logins.


#10

does that log entry mean user already logged in


#11

From what i know and have read here:

https://doc.owncloud.org/server/latest/admin_manual/installation/source_installation.html#managing-trusted-domains

the requests have tried to access your ownCloud installation from an not allowed domain / IP and are generally blocked without even reaching the login page.


#12

the way you explained trusted domain my understanding has nothing to do with the source ip- or from ip - but the target domain
example trusted domain i have my local ip and my dns foo.foo.com.
meaning if someone tries to access via my public ip it fails
so now this log entry is confusing to me


#13

<off-topic>
I think, I already saw this in one of your earlier topics: you don’t post the entire message text, its terminated/cut with a $-sign for some reason. Not a heavy problem so far, but full log message would be appreciated.
</off-topic>

I saw various IP’s in your log-snippet. Did you configure your list of trusted domains? Or are all of these accesses unwanted?


#14

as i said above in trusted domain (my understanding is how people access it )
i have 2 entries my local ip and myserver.com.

so all those are unwanted. i confirm this by trying to connected to my server using ip address and it fails with un trusted domain and i can see similar entry in the log


#15

AFAIK, if you want to connect by IP or by domain name, you have to add both to the array of rusted domains.


#16

agree my point is those entries seem to be someone trying to access my server via ip . glad they failed and trusted domain is working


#17

If you have lot of such unwanted trials, I would have a look at a tool like denyhosts.