Feature Requests for logs [message #163694] |
Wed, 24 November 2010 14:19 |
tw_nick
Messages: 57 Registered: October 2010 Location: Dallas, TX
Karma: 0
|
Member |
|
|
I use FUD for an internal discussion forum/knowledge base for a group of users at my company. As the admin for this site, I periodically look at the logs to troubleshoot an issue, and a couple of things concern me about the current implementation of the logging functions in the software:
(1) When I clear a log, I would expect there to be an entry made in the newly cleared log stating who cleared the log. For compliance and security reasons, this is extremely important to enterprises who use the software internally. For more public applications, it's just helpful if there are multiple admins to be able to capture that info.
(2) Of much lesser value, I would prefer that passwords from failed login attempts be hidden by default from the logs. Perhaps an option could be added to "reveal passwords" that would allow them to be viewed when that is specifically what the admin needs to see, but by default it would be better (IMHO) if they were masked. Granted, they are passwords that didn't allow access, so they may be of no value to compromising the forum security, but many users use the same password for multiple sites...right or wrong.
|
|
|
Re: Feature Requests for logs [message #163695 is a reply to message #163694] |
Wed, 24 November 2010 14:39 |
Ernesto
Messages: 413 Registered: August 2005
Karma: 0
|
Senior Member |
|
|
The error log is saved to DATA_ROOT/errors and the file itself is not cleared when you clear the error list, same with the SQL error log.
I totally agree with you on the action log, I think it should be far more detailed, as well as protected from deletion, and not as dynamic so that when an admin deletes a message for example, I don't wanna see "message no longer in the system" as the message title, I would like to see the proper message title that existed before, as well as the message info saved so i can locate the deleted message in the message files - IE, safeguards so we can undo things, and track things.
I am thinking we could have a separate table holding deleted message info, and the option for the mod/user/admin who deletes the message to enter a reason etc. Currently if not using database, the original message will be saved in the message file eventhough the pointer will be removed - shouldnt be hard to just copy that info into a delete table and add another firled for delete reason, ID of the deleter, etc.
Many, many many things we can improve in the backend, IMO.
I also agree with the passwords to be hidden by default, i dont see any reason why an admin should see them in cleartext - i know of course they can be found out with some reverse engineering, but I jsut don't think it's necessary.
Further, filtering in the error log would be nice - I get tons of "that page doesnt exist" spam from robots and it's slightly annoying.
Ginnunga Gaming
|
|
|
Re: Feature Requests for logs [message #163696 is a reply to message #163695] |
Wed, 24 November 2010 14:41 |
Ernesto
Messages: 413 Registered: August 2005
Karma: 0
|
Senior Member |
|
|
I also would like to point out that only the administrator has access to the action log and there should be max 2 administrators, rest of the things can be handled by moderators.
The system is built with a single administrator in mind as far as I can tell, perhaps some things could be moved to front-end capability so we can have super-moderators and the likes, that does not have access to the backend, or only parts of it and hence we can prevent things like clearing action logs etc
Ginnunga Gaming
|
|
|
|
|
|
Re: Feature Requests for logs [message #164230 is a reply to message #163698] |
Wed, 12 January 2011 17:20 |
The Witcher
Messages: 675 Registered: May 2009 Location: USA
Karma: 3
|
Senior Member |
|
|
naudefj wrote on Wed, 24 November 2010 09:23twnick wrote:(1) When I clear a log, I would expect there to be an entry made in the newly cleared log stating who cleared the log.
I like it!
Here is a patch for you to test: http://fudforum.svn.sourceforge.net/fudforum/?rev=5082&view=rev
I assume those two files simply replace the ones already there?
naudefj wrote on Wed, 24 November 2010 09:50We already have "account moderators" - super moderators that can access the User Manager ACP to create/ edit/ delete accounts.
Are there any plans to extend that functionality, to other options?
"I'm a Witcher, I solve human problems; not always using a sword!"
|
|
|