Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: mcp_dk on December 15, 2008, 03:33:13 PM

Title: which logs to show access
Post by: mcp_dk on December 15, 2008, 03:33:13 PM

Apparently My SME Server has been compromised. IT may have happened through an unpatched CMS or other. However the authorities would like if i could provide them with some logs about who and when users have been authenticated and logged on.

So Which logs should i look in to if i want to see which users have been logged on the server and when?
Also other logs that could be usefull to look into!?

Title: Re: which logs to show access
Post by: gzartman on December 15, 2008, 05:57:19 PM

For a webapp, the best log file is likely:

/var/log/httpd/access_log

Greg