Jump to content

An amazing feature omission.


Guest Joe Friday

Recommended Posts

So I may be showing my age but during a recent security audit of my forum I was amazed to learn that there are logs for just about everything except user logins. My amazement comes from the fact that this is a time honored "Systems Administration 101" class of information that dates back to the first time shared computer systems. The simple act of who logged in and when they logged in is not captured by the IP Board software. Yet just about every other activity is logged. It's not like we are talking about a lot of data here. This would be a very small database.

What I'd like to see is a very simple log called "access log". The log should include three simple pieces of data, username, IP address and time stamp.

I have written a small program to compile the viewing data of threads from the Invision hosting raw access logs. This is useful from both a marketing perspective as well as security perspective. However, as the software functions today, unless a user does some positive action like Post, PM or register while using that IP address, there is no trail for an Admin to follow.

Here are some of the uses I've put this data to:

  1. Analysis of hot threads and the demographics of who is interested. This permits me to better manage what new forums need to be created or what topics may require their own sub forums.
  2. Abusers using anonymizers to read a thread then log back in under an alias account to cause mischief. I've caught more than one person using alias accounts for mischief purposes.
  3. A better understanding of system load times based on regional demographics. This allows me to also balance Admin or moderator manpower by demographic and region.
I can do 90% of this analysis using the raw web logs and extracting the PHP database of posts. I simply match up the IO addresses to the user and I have a database I can now use for analysis. However, if a person logs in via dialup connection they will have a new IP address on each connection. If they do no activity other than read posts, we will see that activity in the web log but there is no way to match that to a user. Such users appear as UFOs on our analysis sheet. Also, if it is a dialup IP like AOL, multiple users will use that IP address. It is useful to know who was on that connection and when. This data is visible real time in the "last click" view however, it is not logged.

Now having said all that. A really, really cool feature would be to allow the Root Admin to create a "Custom Log". If I had that, just about any analysis would be made much easier. By custom I mean both field data as well as forum the ability to filter what gets logged without writing new code. I realize this request is a much greater scope but one must have dreams. Right? ;)
Link to comment
Share on other sites

This would be a very small database.


I think this assumption is incorrect. In prior versions of IPB where you didn't have the option to prune spider logs, they could quickly occupy a huge chunk of your total database size. And that's logging search engine spiders, not the hundreds or thousands of registered members that may be visiting your site every day. I think you'll find that if you are logging just this little bit of info, doing the thousands of logs of it will quickly add up to a large total size.
Link to comment
Share on other sites

While I don't think this will be a small database. I don't think it will be any larger than the spider logs. So long as it can be pruned I personally think this is a good idea. I know I would find it useful, especially if I can define the reports that can be generated with this data.

Link to comment
Share on other sites

While I don't think this will be a small database. I don't think it will be any larger than the spider logs.



Probably about as useful, too. What would concern me about it is that people would use it for something. I'd be scared to see how many different IPs i've logged into this site from. Work IP, which changes.. Home IP, which I can change at a moment's notice and then gets changed by my ISP 2 or 3 times a year.

Then.. What about the "Show me everything about this IP".. That's already taxed with the amount of data it handles.

Then.. What about the AOL users? Quite often they share IP addresses. I've had multiple people ask about this feature because they want to use it to delete 'multiple' accounts that people setup.. not realizing that it is possible for two separate users on opposite sides of the country to have the same IP. Even at the exact same time with the way AOL does some of their caching. Additionally, an AOL user can have a different IP for each click they make. Which is why the "Reset Security Login Key" being set to Yes doesn't make AOL users happy.
Link to comment
Share on other sites

I think this assumption is incorrect. In prior versions of IPB where you didn't have the option to prune spider logs, they could quickly occupy a huge chunk of your total database size. And that's logging search engine spiders, not the hundreds or thousands of registered members that may be visiting your site every day. I think you'll find that if you are logging just this little bit of info, doing the thousands of logs of it will quickly add up to a large total size.


It was ineffective though, you can keep records of regions/users a lot more efficiently than 200000 rows of bot logs.
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...