[Pdns-users] [Help] - Audit the user login & what had been edited in dns record
Đức Vinh Hồ
vinh.ho2110 at gmail.com
Mon Jan 21 09:30:53 UTC 2013
Dear all,
I have an dns server using PowerDNS and PowerAdmin-2.1.5
My system works great until one day, someone of my team logged in
PowerAdmin GUI website and change some PDNS record (all member of my team
had right to log-in & modify any record) So, that's the problem, i want to
audit what username logged in & what they do after logged-in. I found that
the latest version of poweradmin can help me to logging the success & fail
log in.
After some configuration & updating poweradmin version form 2.1.5 to 2.1.6,
in my /var/log/messages start to log user authenticated of powerdns.
For example: *
*
*Jan 21 11:45:19 localhost poweradmin: Successful authentication attempt
from [x.x.x.x] for user 'XXX'
*
*Jan 21 11:45:44 localhost poweradmin: Failed authentication attempt from
[x.x.x.x] for user 'YYY'*
*
*
So now, i want to save these information into a separate file (not in
/var/log/messages) And can you show me how to log what user do after logged
in (such as change record, add zone ... more detail more great)
Thank you so much !
Vinh Ho
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130121/d2fffd29/attachment.html>
More information about the Pdns-users
mailing list