NATS4 Log Admin Activity

From TMM Wiki
Jump to navigationJump to search
NATS 4
Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers
NATS Configuration Admin
The Configuration Admin
Log Admin Activity
IP Address Filtering
MEMBER_EXPIRE_PAD
SKIP COUNTRIES
Fraud Configuration
Email Configuration
Affiliate Signup Email
Affiliate Postback
Affiliate Postback NEW
Affiliate Analytics
Throttling
NATS4 Terms of Service feature
GeoIP2

NATS is able to log every request made by any administrator logged into your NATS install, but this feature is disabled by default, as this will greatly inflate your logs. To enable administrator activity logging, simply add the following line to your config.php file that is located in the includes folder of your NATS install.

$config['ADMIN_ACTION_POSTBACK'] = 'http://example.com/myadminpostback.url';

Replace the URL in the example with a script that you created to accept the postback and log it. You can write the log to either a simple text file or a database using one of the sample scripts below.

Text Log Example Script


<?php
//check to make sure the request is actually coming from NATS
if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install

//please make sure that log file and directory are read/write accessible to Apache
$logpath = "admin_activity.log"; //This is where your log file exists on your server
$logfile = fopen($logpath, 'a') or die;
//write the entry to the log file
foreach ($_REQUEST as $name=> $string) fwrite($logfile, htmlentities($name)." => ".htmlentities($string)."\n");
fclose($logfile);
?>

Database Log Example Script


<?php
//check to make sure the request is actually coming from NATS
if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install

//connect to the DB
$myDB = mysql_connect("mydb_hostname", "mydb_username", "mydb_password");

//checks for valid connection and valid name of the db as specified in DBname
if ($myDB && mysql_select_db('DBname', $myDB)) {

//pull only the info we want from the URL
$qs = $_REQUEST['query_string'];
$loginid = $_REQUEST['performed_action_loginid'];
$ip = $_REQUEST['performed_action_ip'];
$scr = $_REQUEST['performed_action_script'];
$time = $_REQUEST['performed_action_time'];

//strips any unwanted slashes from the postback
if(get_magic_quotes_gpc()) {
$qs = stripslashes($qs);
$loginid = stripslashes($loginid);
$ip = stripslashes($ip);
$scr = stripslashes($scr);
$time = stripslashes($time);
}

$query = sprintf("INSERT INTO admin_logs (query_string, loginid, ip, script, time) VALUES ('%s','%s','%s','%s','%s')",mysql_real_escape_string($qs),mysql_real_escape_string($loginid),mysql_real_escape_string($ip),mysql_real_escape_string($scr),mysql_real_escape_string($time));

//execute query
$res = mysql_query($query, $myDB);
mysql_close($myDB);
}
?>