Erik Ellsinger

Well-Known Member
Sep 25, 2015
58
1
8
Sweden
cPanel Access Level
Root Administrator
Is there a good way of seeing how much the webdisk features is being used on a server?

For instance a log of who logged (IP-address and cPanel username) in and when would be a good way to see if anybody is actually using the feature.

I see there is a log file called cpdavd_session_log but it for instance doesn't log the username. Is there a better way of seeing webdisk usage?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,217
463
Hello,

The cpdavd_session_log file is currently the only log you can use to review cpdavd sessions. I encourage you to open a feature request if you'd like to see expanded logging for cpdavd:

Submit A Feature Request

Thank you.
 

dexus

Well-Known Member
Jan 14, 2006
180
11
168
cPanel Access Level
Root Administrator
Is it really possible that cPanel still does not log any WebDisk usage or I am missing something?

File cpdavd_session_log does not actually log anything useful. It does not even show login success or failure, username, etc.

In addition to those basic login logs, we would also need to have info about file transfers, but we currently do not even have the most basic information about WebDisk access...? This is so basic, that such service should not even be in production use without that, and unfortunatelly it looks like it is for few years now.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,509
567
273
cPanel Access Level
Root Administrator
@dexus - the main cPanel access log at /usr/local/cpanel/logs/access_log will show basic login details to the cpdavd system. There currently isn't a log that tracks file transfers or other activity, and after searching just now I didn't find a feature request open for this. If you want to see additional data logged it would be best to put in a new feature request as our development team does manually review every one that gets submitted.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,509
567
273
cPanel Access Level
Root Administrator
@dexus - while checking this, I also noticed the versions of Mac OS were out-of-date in the cPanel >> Webdisk >> Configure Client access area, so I opened case CPANEL-35237 with our development team to get that updated.

I did check the data on case CPANEL-5610 that is referenced in the original feature request thread here:


and confirmed that did resolve the web disk logging. However, it seems that is no longer working properly so I have created case CPANEL-35238 to get that resolved. If you're logged in to our ticket system you can follow along with our article on that here:


Thanks for bringing this up!
 

dexus

Well-Known Member
Jan 14, 2006
180
11
168
cPanel Access Level
Root Administrator
Thank you. That is good news. I hope it will be fixed fast. I have only noticed that you have stated wrong log file.

As I can see in that feature implementation, it looks like it should go to login_log which actually does make more sense...


Also, according to that feature implementation, SUCCESS login should be logged for all other services in the login_log file.

I have now checked, and confirmed that actually there are no SUCCESS logs there...

Code:
# grep FAIL /usr/local/cpanel/logs/login_log | wc -l
49025
# grep SUCCESS /usr/local/cpanel/logs/login_log | wc -l
0

So you should correct log file name in that case and article and also add that "success" logging actually does not work for any service, not only WebDisk.

P.S. I have also checked our archives of login_log file since 2015 till today, and I can also inform you that we do not have a single SUCCESS log line from 2015 till today, so it looks like this "completed" feature request actually never got to production... :)

Code:
[email protected] [~]# zcat /usr/local/cpanel/logs/archive/login_log-11-2019.gz | head -n1
XXXXXXXXX - root [01/01/2015:22:43:27 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN whostmgrd: brute force attempt (user root) has locked out IP XXXXXXXXX

[email protected] [~]# zgrep SUCC /usr/local/cpanel/logs/archive/login_log-11-2019.gz | wc -l
0

[email protected] [~]# grep SUCC /usr/local/cpanel/logs/login_log | wc -l
0