cPanel & WHM Version 92 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Better user logs (i.e. change passwords / logins cpanel / logins whm)

rainboy shared this idea 7 years ago
Needs Feedback

We would really like to see an improvement in the logging, currently many of the logging can be found back in all different log files with know how on which scripts are executed and so on, but it would be easier for a system administrator to quickly see who did change a password and from which IP; or which client did actually log into WHM and when.


The need comes from users who complain about their account suddenly not working because they forgot to update one of their many devices using imap i.e. (changed it on a computer, but forgot it on their phone and tablet and get locked out before they know it).


I would however saves us lots of time if we could see if the client did indeed change their password; or that someone else did this. Now we have to dig through several log files and hope to find the change; but with a good logging this could be done in seconds.


Hope you will consider this change.

Comments (7)

photo
1

In most cases, this information (password changes and other activity) is readily found in /usr/local/cpanel/logs/access_log (be it WHM, cPanel, or Webmail password change). However, like most logs, log rotation could mean the relevant information is cycled out from view. I gather this is what resulted in this feature request?


Of course, manual changes outside of cPanel & WHM (directly modifying a password with 'passwd' or literally editing the equivalent passwd file with a new hash) cannot be logged in current form.


It sounds like, however, that a feature request which explicitly logged particular behavior would be useful and fulfill this request. For example, /var/cpanel/accounting.log contains a historical view of all account create/remove actions. Would a similar file that logs specific behaviors in a similar fashion satisfy this feature request?


Again, it still would not be "definitive" since changes outside of cPanel & WHM's mechanisms would not be able to be logged. But, it may introduce further clarity.


If so, what other behaviors (beside password changes) would be deemed useful for this log?

photo
2

Resellers like to have this information about their clients they don't have access to any log files in root. It would be helpful to see the last logins and from which Ip's and if they where successful or not.

photo
1

Voted for this feature. In the same way as it's also easy to get e-mail delevery reports directly from exim's logs with the correct skills, it takes time and isn't accessible for non sysadmins.


Users should be able to view their password changes, logins and any change to their account like creating a database, deleting an e-mail account etc. Everything should be accessible in a sort of events logs that could be filtered by type of event and corresponding section in cPanel.

photo
1

I voted for this as well. It would be wonderful if this included more detailed logging of cPanel file manager actions as well.

photo
1

It would be great to have this feature

photo
1

Agreed. We just had to do some forensics on a hacked server. Better logs for key events would be super helpful.

photo
1

absolutely crazy this is still not implemented, much better auditing is really needed.