[Pdns-users] [Help] - Audit the user login & what had been edited in dns record

Bogdan Enache enachebogdan at gmx.com
Mon Jan 21 13:46:26 UTC 2013 

Hi Đức,
I'm the original contributor to this facility.

I think that support questions regarding PowerAdmin should be directed
to PowerAdmin site.

And regarding your questions: full audit has not been implemented to
PowerAdmin (tracking modifications, deletions etc).
The original thread about the syslog implementation is here:
https://www.poweradmin.org/trac/ticket/431
The purpose of the changes was to track and ban ip's that try to
brute-force hack their way into the web interface, using fail2ban.

Sending the logs to another file (and not to /var/log/messages): make
sure you read a tutorial on how to redirect syslog facilities to another
files for your distribution.
For example, what you could try:

config.inc.php:
|$syslog_facility = LOG_LOCAL5|;

/etc/syslog.conf:
# Log pdns, pdns recursor
local5.* /var/log/poweradmin.log

Have a nice day.

Bogdan E.


Pe 21.01.2013 11:30, Đức Vinh Hồ a scris:
>
> Dear all,
>
> I have an dns server using PowerDNS and PowerAdmin-2.1.5
>
> My system works great until one day, someone of my team logged in
> PowerAdmin GUI website and change some PDNS record (all member of my
> team had right to log-in & modify any record) So, that's the problem,
> i want to audit what username logged in & what they do after
> logged-in. I found that the latest version of poweradmin can help me
> to logging the success & fail log in.
>
> After some configuration & updating poweradmin version form 2.1.5 to
> 2.1.6, in my /var/log/messages start to log user authenticated of
> powerdns.
>
> For example: /
> /
>
> /Jan 21 11:45:19 localhost poweradmin: Successful authentication
> attempt from [x.x.x.x] for user 'XXX'
> /
>
> /Jan 21 11:45:44 localhost poweradmin: Failed authentication attempt
> from [x.x.x.x] for user 'YYY'/
>
> /
> /
>
> So now, i want to save these information into a separate file (not in
> /var/log/messages) And can you show me how to log what user do after
> logged in (such as change record, add zone ... more detail more great)
>
> Thank you so much !
>
> Vinh Ho
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list