Difference between revisions of "NATS4 Log Admin Activity"
From TMM Wiki
Jump to navigationJump to searchTMMStephenY (talk | contribs) m |
m |
||
Line 40: | Line 40: | ||
//pull only the info we want from the URL | //pull only the info we want from the URL | ||
− | $qs = $_REQUEST[' | + | $qs = $_REQUEST['query_string']; |
− | $loginid = $_REQUEST[' | + | $loginid = $_REQUEST['performed_action_loginid']; |
$ip = $_REQUEST['performed_action_ip']; | $ip = $_REQUEST['performed_action_ip']; | ||
$scr = $_REQUEST['performed_action_script']; | $scr = $_REQUEST['performed_action_script']; |
Latest revision as of 15:12, 24 January 2013
NATS is able to log every request made by any administrator logged into your NATS install, but this feature is disabled by default, as this will greatly inflate your logs. To enable administrator activity logging, simply add the following line to your config.php file that is located in the includes folder of your NATS install.
$config['ADMIN_ACTION_POSTBACK'] = 'http://example.com/myadminpostback.url';
Replace the URL in the example with a script that you created to accept the postback and log it. You can write the log to either a simple text file or a database using one of the sample scripts below.
Text Log Example Script
<?php //check to make sure the request is actually coming from NATS if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install //please make sure that log file and directory are read/write accessible to Apache $logpath = "admin_activity.log"; //This is where your log file exists on your server $logfile = fopen($logpath, 'a') or die; //write the entry to the log file foreach ($_REQUEST as $name=> $string) fwrite($logfile, htmlentities($name)." => ".htmlentities($string)."\n"); fclose($logfile); ?>
Database Log Example Script
<?php //check to make sure the request is actually coming from NATS if ($_SERVER['REMOTE_ADDR'] != "192.168.0.0") exit; //this should be the IP for your NATS install //connect to the DB $myDB = mysql_connect("mydb_hostname", "mydb_username", "mydb_password"); //checks for valid connection and valid name of the db as specified in DBname if ($myDB && mysql_select_db('DBname', $myDB)) { //pull only the info we want from the URL $qs = $_REQUEST['query_string']; $loginid = $_REQUEST['performed_action_loginid']; $ip = $_REQUEST['performed_action_ip']; $scr = $_REQUEST['performed_action_script']; $time = $_REQUEST['performed_action_time']; //strips any unwanted slashes from the postback if(get_magic_quotes_gpc()) { $qs = stripslashes($qs); $loginid = stripslashes($loginid); $ip = stripslashes($ip); $scr = stripslashes($scr); $time = stripslashes($time); } $query = sprintf("INSERT INTO admin_logs (query_string, loginid, ip, script, time) VALUES ('%s','%s','%s','%s','%s')",mysql_real_escape_string($qs),mysql_real_escape_string($loginid),mysql_real_escape_string($ip),mysql_real_escape_string($scr),mysql_real_escape_string($time)); //execute query $res = mysql_query($query, $myDB); mysql_close($myDB); } ?>