Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
logs for admin
It occurred to me that there is no way of knowing if anyone has reached the admin login page and what they are trying to do there. As such, it would be great if there was an option in the preferences to log
- hits (as it does now)
- just the admin hits
- both
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Offline
Re: logs for admin
I would suggest using and looking into actual secured server logs if you want safe log data or monitor actual visitor activity.
Textpattern’s logs aren’t exactly designed to even log all hits, but just genuine traffic. Built in logs literally only record hits generating 200 OK status and results that can be routed to some target page. Since Textpattern’s page routing isn’t very strict logs do sometimes contain unrecognized HTTP GET parameters, but that’s about it. If someone wanted to make their requests invisible Textpattern’s logs, they could as simply as appending &id=1337 to the query string.
Now, as logging login page activity goes, I would highly recommend using secured server logs for that purpose. Using Textpattern’s logs for anything security related is rather pointless as the logs are readable and writable by our favorite CMS and are compromised with rest of the system.
Offline
Re: logs for admin
Gocom wrote:
I would suggest using and looking into actual secured server logs if you want safe log data or monitor actual visitor activity.
Hi Jukka,
This is what I am currently doing but there are two problems with it
- It is a largish ftp download
- For some people the server logs are not accessible enough as they find them difficult to understand.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Pages: 1