FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » FUDforum 3.0+ » Feature Requests for logs (administrative function request)
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Feature Requests for logs [message #163694] Wed, 24 November 2010 09:19 Go to next message
tw_nick   United States
Messages: 57
Registered: October 2010
Location: Dallas, TX
Karma: 0
Member
add to buddy list
ignore all messages by this user

I use FUD for an internal discussion forum/knowledge base for a group of users at my company. As the admin for this site, I periodically look at the logs to troubleshoot an issue, and a couple of things concern me about the current implementation of the logging functions in the software:

(1) When I clear a log, I would expect there to be an entry made in the newly cleared log stating who cleared the log. For compliance and security reasons, this is extremely important to enterprises who use the software internally. For more public applications, it's just helpful if there are multiple admins to be able to capture that info.

(2) Of much lesser value, I would prefer that passwords from failed login attempts be hidden by default from the logs. Perhaps an option could be added to "reveal passwords" that would allow them to be viewed when that is specifically what the admin needs to see, but by default it would be better (IMHO) if they were masked. Granted, they are passwords that didn't allow access, so they may be of no value to compromising the forum security, but many users use the same password for multiple sites...right or wrong.
Re: Feature Requests for logs [message #163695 is a reply to message #163694] Wed, 24 November 2010 09:39 Go to previous messageGo to next message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
The error log is saved to DATA_ROOT/errors and the file itself is not cleared when you clear the error list, same with the SQL error log.

I totally agree with you on the action log, I think it should be far more detailed, as well as protected from deletion, and not as dynamic so that when an admin deletes a message for example, I don't wanna see "message no longer in the system" as the message title, I would like to see the proper message title that existed before, as well as the message info saved so i can locate the deleted message in the message files - IE, safeguards so we can undo things, and track things.

I am thinking we could have a separate table holding deleted message info, and the option for the mod/user/admin who deletes the message to enter a reason etc. Currently if not using database, the original message will be saved in the message file eventhough the pointer will be removed - shouldnt be hard to just copy that info into a delete table and add another firled for delete reason, ID of the deleter, etc.

Many, many many things we can improve in the backend, IMO.

I also agree with the passwords to be hidden by default, i dont see any reason why an admin should see them in cleartext - i know of course they can be found out with some reverse engineering, but I jsut don't think it's necessary.


Further, filtering in the error log would be nice - I get tons of "that page doesnt exist" spam from robots and it's slightly annoying.


Re: Feature Requests for logs [message #163696 is a reply to message #163695] Wed, 24 November 2010 09:41 Go to previous messageGo to next message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
I also would like to point out that only the administrator has access to the action log and there should be max 2 administrators, rest of the things can be handled by moderators.

The system is built with a single administrator in mind as far as I can tell, perhaps some things could be moved to front-end capability so we can have super-moderators and the likes, that does not have access to the backend, or only parts of it and hence we can prevent things like clearing action logs etc


Re: Feature Requests for logs [message #163697 is a reply to message #163694] Wed, 24 November 2010 10:23 Go to previous messageGo to next message
naudefj is currently offline  naudefj   South Africa
Messages: 3624
Registered: December 2004
Karma: 17
Senior Member
Administrator
Core Developer
remove from buddy list
ignore all messages by this user
twnick wrote:
(1) When I clear a log, I would expect there to be an entry made in the newly cleared log stating who cleared the log.


I like it!
Here is a patch for you to test: http://fudforum.svn.sourceforge.net/fudforum/?rev=5082&view=rev

Aanhaling:
(2) Of much lesser value, I would prefer that passwords from failed login attempts be hidden by default from the logs.


This is on my TODO list and will be implemented before the next release.
Re: Feature Requests for logs [message #163698 is a reply to message #163696] Wed, 24 November 2010 10:50 Go to previous messageGo to next message
naudefj is currently offline  naudefj   South Africa
Messages: 3624
Registered: December 2004
Karma: 17
Senior Member
Administrator
Core Developer
remove from buddy list
ignore all messages by this user
Ernesto wrote:
perhaps some things could be moved to front-end capability so we can have super-moderators and the likes, that does not have access to the backend, or only parts of it and hence we can prevent things like clearing action logs etc


We already have "account moderators" - super moderators that can access the User Manager ACP to create/ edit/ delete accounts.
Re: Feature Requests for logs [message #163699 is a reply to message #163698] Wed, 24 November 2010 10:56 Go to previous messageGo to next message
tw_nick   United States
Messages: 57
Registered: October 2010
Location: Dallas, TX
Karma: 0
Member
add to buddy list
ignore all messages by this user

Naudefj -
Thanks for the quick patch -- I've uploaded the files, and they work perfectly.
Re: Feature Requests for logs [message #164230 is a reply to message #163698] Wed, 12 January 2011 12:20 Go to previous message
The Witcher is currently offline  The Witcher   United States
Messages: 662
Registered: May 2009
Location: USA
Karma: 2
Senior Member
add to buddy list
ignore all messages by this user
naudefj wrote on Wed, 24 November 2010 09:23
twnick wrote:
(1) When I clear a log, I would expect there to be an entry made in the newly cleared log stating who cleared the log.


I like it!
Here is a patch for you to test: http://fudforum.svn.sourceforge.net/fudforum/?rev=5082&view=rev


I assume those two files simply replace the ones already there?

naudefj wrote on Wed, 24 November 2010 09:50
We already have "account moderators" - super moderators that can access the User Manager ACP to create/ edit/ delete accounts.


Are there any plans to extend that functionality, to other options?


"I'm a Witcher, I solve human problems; not always using a sword!"
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: FL and TV tables
Next Topic: Condensed Categories displaying "opened" when clicked
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Oct 18 20:11:33 EDT 2017

Total time taken to generate the page: 0.00676 seconds