Log related Improvement suggestions.
Better access logs for Authentication to the Admin/client login page :8090 and to the API who did what from where and when
Maybe something like?
/usr/local/CyberCP/logs/login_log
192.168.0.20 - Username [07/10/2013:18:43:00 -0000] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN lscpd: Username password hash is missing from system (Username probably does not exist)
192.168.0.21 - Username [07/10/2013:18:43:14 -0000] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN lscpd: Username password hash is missing from system (Username probably does not exist)
192.168.0.22 - Username [07/15/2013:16:21:50 -0000] “POST /login/?login_only=1 HTTP/1.1” FAILED LOGIN lscpd: Username password incorrect
User activity logs of things done in Cyberpanel adding deleting email ftp accounts etc
/usr/local/CyberCP/logs/client_activity_log
192.168.0.20 - example [10/08/2016:13:37:32 -0000] “GET //index.html HTTP/1.1” 200 0 “” “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0” “s” “-” 2083
Rainloop webmail authentification/error logs
/usr/local/CyberCP/logs/rainloop
Suggestions to standardized the log file locations so that they are accessible in the same location across Centos and Ubuntu. This can be easily done via symlinks created upon install/upgrade if missing.
Possibly set up a symlink on Ubuntu for the common log locations
ln -s source_file myfile
Centos sshd auth Ubuntu path
/var/log/secure > /var/log/auth.log
Centos email log Ubuntu path
/var/log/maillog > /var/log/mail.log
Centos Kernel Ubuntu kernel and general logs
/var/log/messages > /var/log/syslog
Suggested symlinks
ln -s /var/log/auth.log /var/log/secure
ln -s /var/log/mail.log /var/log/maillog
ln -s /var/log/syslog /var/log/messages
Example:
Link the Ubuntu path to the universal centos one. So if someone is looking online at the log locations they can find it either way easily.
root@ols:~# ln -s /var/log/auth.log /var/log/secure
root@ols:~# ls -l /var/log/secure
lrwxrwxrwx 1 root root 17 Oct 8 13:53 /var/log/secure → /var/log/auth.log
root@ols:~# tail -f /var/log/secure
Oct 8 13:53:48 ols sshd[13842]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.101 user=root
Oct 8 13:53:48 ols sshd[13844]: Connection closed by 103.228.114.21 port 53226 [preauth]