Log-related improvement suggestions.
Better access logs for authentication to the admin/client login page (:8090) and to the API: who did what, from where and when.
Maybe something like?
192.168.0.20 - Username [07/10/2013:18:43:00 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN lscpd: Username password hash is missing from system (Username probably does not exist)
192.168.0.21 - Username [07/10/2013:18:43:14 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN lscpd: Username password hash is missing from system (Username probably does not exist)
192.168.0.22 - Username [07/15/2013:16:21:50 -0000] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN lscpd: Username password incorrect
User activity logs of things done in CyberPanel: adding and deleting email and FTP accounts, etc.
192.168.0.20 - example [10/08/2016:13:37:32 -0000] "GET //index.html HTTP/1.1" 200 0 "" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0" "s" "-" 2083
Rainloop webmail authentication/error logs
Suggestion to standardize the log file locations so that they are accessible in the same location across CentOS and Ubuntu. This can easily be done via symlinks created upon install/upgrade if missing.
Possibly set up a symlink on Ubuntu for the common log locations
ln -s source_file myfile
CentOS sshd auth > Ubuntu path
/var/log/secure > /var/log/auth.log
CentOS email log > Ubuntu path
/var/log/maillog > /var/log/mail.log
CentOS kernel > Ubuntu kernel and general logs
/var/log/messages > /var/log/syslog
ln -s /var/log/auth.log /var/log/secure
ln -s /var/log/mail.log /var/log/maillog
ln -s /var/log/syslog /var/log/messages
Link the Ubuntu path to the universal CentOS one, so if someone is looking online at the log locations they can find it either way easily.
root@ols:~# ln -s /var/log/auth.log /var/log/secure
root@ols:~# ls -l /var/log/secure
lrwxrwxrwx 1 root root 17 Oct 8 13:53 /var/log/secure -> /var/log/auth.log
root@ols:~# tail -f /var/log/secure
Oct 8 13:53:48 ols sshd: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=18.104.22.168 user=root
Oct 8 13:53:48 ols sshd: Connection closed by 22.214.171.124 port 53226 [preauth]
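One way an install/upgrade step could create the three symlinks above only "if missing", written as an added example (not part of the original post and not CyberPanel's own code). The function names and the log-directory argument are hypothetical. It refuses to overwrite an existing log file or repoint an existing symlink.

```shell
#!/bin/sh
# Added example: idempotent CentOS-style log aliases on Ubuntu.
# Function names and the directory argument are hypothetical.

# link_log_alias TARGET ALIAS
# Returns 0 if ALIAS points at TARGET (created now or already correct),
#         1 if TARGET does not exist (nothing is created),
#         2 if ALIAS is occupied by a file or by a different symlink.
link_log_alias() {
    target=$1
    alias_path=$2
    if [ ! -e "$target" ]; then
        echo "skip: $target does not exist" >&2
        return 1
    fi
    if [ -L "$alias_path" ]; then
        # Already a symlink: accept only if it is the one we would create.
        if [ "$(readlink "$alias_path")" = "$target" ]; then
            return 0
        fi
        echo "refuse: $alias_path points elsewhere" >&2
        return 2
    fi
    if [ -e "$alias_path" ]; then
        # A real log file lives here (e.g. on CentOS); never clobber it.
        echo "refuse: $alias_path exists and is not a symlink" >&2
        return 2
    fi
    ln -s "$target" "$alias_path"
}

# link_common_logs [DIR]  (DIR defaults to /var/log)
# Applies the three mappings from the post; returns 1 if any was skipped.
link_common_logs() {
    root=${1:-/var/log}
    rc=0
    link_log_alias "$root/auth.log" "$root/secure"   || rc=1
    link_log_alias "$root/mail.log" "$root/maillog"  || rc=1
    link_log_alias "$root/syslog"   "$root/messages" || rc=1
    return $rc
}

# On a real host, as root: link_common_logs /var/log
```

Passing a scratch directory instead of /var/log lets the behaviour be checked before touching a live system.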