mikeculbertson @ Mon Feb 02 19:56:47 EET 2015 We see that it's possible to configure some pretty serious debug-style logs in the logging options but is it also possible to specifically target admin activity such as user setting changes, user additions/removals, etc?
We've had a couple unexpected admin modifications and we haven't been able to track them down in the logs with any great clarity. Are we missing something?
spinkb @ Tue Feb 03 05:44:42 EET 2015 My suggestion or this is looking int he backup folder of CrushFTP, it has archived copies of the user.xml and prefs.xml any time a change is made.
So you know the time of the change. Then go to the CrushFTP.log for that time period, and see what admin user was logged in and the log has commands like setUserItem, or setServerItem, etc. These can be used to see what action they were taking...but you already know what they did, you just need to know who it was and the log will tell you that.
Your not sharing admin credentials are you? :) If so...then look by IP in the log.
over 3 years ago
mikeculbertson @ Tue Feb 03 11:43:55 EET 2015 Hah, no, only a small set of people have admin which is why the changes we're chasing were somewhat mysterious. Tracking back via the UI commands did the trick in this case, though a succinct admin log would be a really fantastic feature. For use cases like ours, admin/security logs are actually more valuable than detailed user activity.