Results 1 to 11 of 11

Thread: Tweak Settings: Store access logs for past X days [Case 53120]

  1. #1
    Registered Member
    Join Date
    Jan 2011
    Posts
    9

    Default Tweak Settings: Store access logs for past X days [Case 53120]

    When a site is hacked, the access logs are an important resource to find out how the hackers got in, but with cPanel's daily rotation, the logs are often already rotated by the time the analysis starts and the data is lost forever.

    The setting within cPanel to store logs for the month is not useful, as it relies on the client / cPanel user to have the correct settings.

    I'd prefer a setting in WHM (root/reseller) level where we can specify to archive logs for the last X days with the last day being removed and replaced by the new log on each rotation. So there are never more than X logs in total stored, but we can always go back X days.

    We used to have a similar system with Ensim and whilst under no circumstances do I wish to go back to it, it was pretty much the only useful bit that cPanel doesn't have.

    Where the logs are stored, I'm not too fussed. If there could be an interface to download via cPanel would be great, but failing that just having them somewhere safe where I can get to them via root SSH would suffice.

    As for disk space, if we only store the last 5 days, and assuming that the logs for past days are zipped, it could be part of the user's disk space.

    So in summary:
    * Have a setting in WHM where I can specify to keep access logs for past X days
    * ZIP all but the current log
    * The X days are on a rolling basis, the last day is always removed when a new archive is created
    * Store on server; a cPanel download button would be a bonus
    * Have this feature in addition to the existing cPanel level log settings

    Many thanks for reading this,
    Edith Karnitsch

  2. #2
    Registered Member cPanel Partner NOC Badge
    Join Date
    Apr 2003
    Location
    Houston, TX
    Posts
    402
    cPanel/WHM Access Level

    Root Administrator

    Default re: Tweak Settings: Store access logs for past X days [Case 53120]

    I support this request 100%
    The lack of access log retention other than month by month or permanent is one of the very few seriously lacking abilities within cPanel.

  3. #3
    Registered Member monarobase's Avatar
    Join Date
    Jan 2010
    Location
    France
    Posts
    498
    cPanel/WHM Access Level

    Root Administrator

    Default re: Tweak Settings: Store access logs for past X days [Case 53120]

    + 1
    This makes a lot of sense !

  4. #4
    Registered Member
    Join Date
    Jan 2008
    Location
    Buenos Aires, Argentina
    Posts
    1,040
    cPanel/WHM Access Level

    Root Administrator

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    +1 for this.

    But...
    the archives should be tar-gzipped and I'm not sure nor confident on storing the data in the user account space.
    Take in account that storing the last 5 days of access log may consume different disk space in every account. There may be websites using small packages but having a huge amount of visitors, hence producing bigger access logs. This feature is very interesting but some customers may be forced to upgrade to bigger packages in order to cope with the disk space required to store the generated logs. I think this issue may be circumvented if cPanel store the logs in a global folder in the system, thus leaving these archives out of the access of a hacker in the process. Because if you want to audit bad behaviours in your website, if it is hacked, the logs will surely be deleted. That's why I think they must be stored in a folder out of the range of the given user.

    Also, this feature should come disabled by default, and allow to enable it for individual accounts. Because 1) Not every sysadmin will be aware of this addition, 2) Not every sysadmin will be happy of storing lots of Gigs of data if their server disks are at 80% . And, additionally, of you will be able to enable this functionality for individual accounts, this feature would be richest if you also may be enable to set for how many days every enabled account will individually store access logs.

    Thank you

  5. #5
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    10,903
    cPanel/WHM Access Level

    Root Administrator

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    Quote Originally Posted by terraGirl View Post
    When a site is hacked, the access logs are an important resource to find out how the hackers got in, but with cPanel's daily rotation, the logs are often already rotated by the time the analysis starts and the data is lost forever.

    The setting within cPanel to store logs for the month is not useful, as it relies on the client / cPanel user to have the correct settings.

    I'd prefer a setting in WHM (root/reseller) level where we can specify to archive logs for the last X days with the last day being removed and replaced by the new log on each rotation. So there are never more than X logs in total stored, but we can always go back X days.

    We used to have a similar system with Ensim and whilst under no circumstances do I wish to go back to it, it was pretty much the only useful bit that cPanel doesn't have.

    Where the logs are stored, I'm not too fussed. If there could be an interface to download via cPanel would be great, but failing that just having them somewhere safe where I can get to them via root SSH would suffice.

    As for disk space, if we only store the last 5 days, and assuming that the logs for past days are zipped, it could be part of the user's disk space.

    So in summary:
    * Have a setting in WHM where I can specify to keep access logs for past X days
    * ZIP all but the current log
    * The X days are on a rolling basis, the last day is always removed when a new archive is created
    * Store on server; a cPanel download button would be a bonus
    * Have this feature in addition to the existing cPanel level log settings

    Many thanks for reading this,
    Edith Karnitsch
    This (I've highlighted it in bold above) sounds more like an enhancement to existing features/settings if I'm reading it correctly. Adding a setting for the number of days logs are saved.

    And an enhancement to this setting giving the host access to change a setting on a users account from WHM:

    The setting within cPanel to store logs for the month is not useful, as it relies on the client / cPanel user to have the correct settings.

  6. #6
    Registered Member
    Join Date
    Jan 2011
    Posts
    9

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    Many thanks for replying!

    Yes, a modification of the existing function can work but it would need to be protected so users cannot modify via cPanel.

    Users could still enable:
    * Archive logs in your home directory at the end of each stats run[ [every 24 hour(s)~]]
    * Remove the previous month's archived logs from your home directory at the end of each month

    But in addition, the server root can set a minimum number of X days logs are kept which can't be over-ridden by resellers/cpanel users

    So the archive functions in cPanel would be in addition to the minimum number of days set for the entire server.

    Many thanks, Edith

  7. #7
    Technical Product Specialist cPanelDavidG's Avatar
    Join Date
    Nov 2006
    Location
    Houston, TX
    Posts
    11,296
    cPanel/WHM Access Level

    Root Administrator

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    Just an update to this discussion, the entirety of the original post is in an internal case and we hope to implement this by version 11.34.

  8. #8
    Registered Member cPanel Partner NOC Badge
    Join Date
    Apr 2003
    Location
    Houston, TX
    Posts
    402
    cPanel/WHM Access Level

    Root Administrator

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    Wonderful David, thanks for the update!

  9. #9
    Registered Member
    Join Date
    Jan 2011
    Posts
    9

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    Great news!

  10. #10
    Registered Member
    Join Date
    Jul 2011
    Posts
    8

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    Dudes, we have a situation here where we need the access logs & just discovered that all the raw logs are gone. I cannot believe raw data is not stored by default for even 3 months!

  11. #11
    LBJ
    LBJ is offline
    Registered Member
    Join Date
    Nov 2003
    Posts
    54

    Default Re: Tweak Settings: Store access logs for past X days [Case 53120]

    +1

    Excellent idea.

Similar Threads

  1. Stuck for the past Two Days | DNS Issue
    By fammari in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 06-30-2011, 09:05 AM
  2. A tweak setting should automatically enable any other tweak settings i...
    By porcupine in forum Archived Feature Requests
    Replies: 5
    Last Post: 01-05-2011, 04:58 PM
  3. How to access 'tweak settings'
    By kmberly in forum New User Questions
    Replies: 4
    Last Post: 07-08-2008, 12:17 PM
  4. BandWidth of Past days increasing ? bug ?
    By maxihost in forum cPanel & WHM Discussions
    Replies: 0
    Last Post: 08-24-2004, 07:15 AM
bargain