
App of the Week: Auditing

Posted by ownCloud GmbH – 18. August 2017

Welcome to the third part of our ownCloud App of the Week blog series. In this entry we would like to introduce the ownCloud Auditing application and showcase why logging and auditing of user events & activities is crucial for secure enterprise filesharing scenarios.

When it comes to sensitive business data, security always has the highest priority. Firewalls, encryption, authentication, access restrictions or device management – there are numerous ways of raising security levels in professional IT environments. But how can you make sure all security measures are working as planned? And how can you prove it? Well, this is where logging and auditing of the ownCloud system comes into play.

To start off, ownCloud Server comes with a built-in logging mechanism that records all technical system activity (e.g. PHP messages, background job reports, configuration issues). By default this information is collected and stored in the owncloud.log file. This log file comes in handy for a variety of uses, for example to review the system status or to help debug problems. The level of detail can be set to one of five levels: 0: DEBUG, 1: INFO, 2: WARN, 3: ERROR and 4: FATAL, with 0: DEBUG being the most detailed. By default the log level is set to 2: WARN.

A complete technical Logging Configuration guide can be found in the ownCloud documentation:
https://doc.owncloud.org/server/latest/admin_manual/configuration/server/logging_configuration.html

Okay, but what does the Auditing App do?

Put simply, the Auditing application for ownCloud adds the logging of user and administrator actions to the ownCloud logging mechanism to make them traceable and auditable. While the basic ownCloud Logging functionality is mainly for system information, the Auditing application also logs:

  • Login and logout events of users
  • File system operations of users (create/delete/move; including actions on the trash bin)
  • Sharing operations of users (internal sharing with users or groups, sharing via public link, change permissions, calls to sharing API from clients)
  • File tagging operations of users (add/remove tags)
  • User management operations (creation/deletion/activation/deactivation of users)
  • Enabling/disabling of ownCloud Apps
  • Executions of OCC commands (CLI)

By default the audit log messages have the log level 1: INFO and are added to the standard owncloud.log file. Make sure the general log level in config.php is set to 1: INFO or a more detailed level (0: DEBUG); at the default of 2: WARN, messages logged at INFO are filtered out. For a better overview and for potential external audit usage, you can write the audit messages to a separate log file, e.g. a file named audit.log. An example of how to split these files can be found in config.sample.php.
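As an added illustration (not code from the original post or from ownCloud's config.sample.php), the fragment below shows both settings described above in config.php. The `loglevel` and `log.conditions` keys with their `apps` and `logfile` entries are the names used in ownCloud 10's sample configuration as far as we know, so check them against the config.sample.php shipped with your version; the log file path is a placeholder.

```php
<?php
// Fragment of config/config.php: merge these keys into the existing
// $CONFIG array instead of replacing the whole file.
$CONFIG = [
    // ... existing settings (instanceid, datadirectory, dbtype, ...) ...

    // General log threshold. Audit messages are written at 1: INFO, so the
    // default of 2: WARN would filter them out of owncloud.log.
    'loglevel' => 1,

    // Route everything logged by the Auditing app (app id "admin_audit",
    // as in the marketplace URL) to its own file.
    'log.conditions' => [
        [
            'apps' => ['admin_audit'],
            // Placeholder path (assumption). The file must be writable by
            // the web server user, should live outside the web root, and
            // should be readable only by the accounts that review or ship
            // audit data.
            'logfile' => '/var/log/owncloud/audit.log',
        ],
    ],
];
```

Keeping the audit trail in its own file also makes it easier to give it a different retention period and to forward it to a central log system separately from the noisier system log.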

And there you have it – a simple and powerful auditing application for user and admin activities in your ownCloud. You are now able to review and track all types of user events, file and sharing operations, OCC command executions and even user management operations. With the Auditing application your IT department keeps a full overview of user and admin activities and can easily follow up on suspicious behavior. You are now also able to prove the integrity and compliance of your ownCloud system, for example for third-party security audits and reviews.

The ownCloud Auditing App can be found here:
https://marketplace.owncloud.com/apps/admin_audit

So, are you already using the ownCloud Auditing App? As always, we’d love to hear your feedback. Stay tuned for next week's App of the Week blog!

Overview of the past ownCloud App of the Week Blogs:

App of the Week – LDAP Home Connector
App of the Week – Market