For a while I left Dropbox and other cloud storage solutions and decided to host my own file exchange service based on owncloud.org. I’m using it to exchange files with my partners and customers and keep full control of the service from A to Z. A major advantage of ownCloud is its modular architecture, which allows third-party applications to be installed to extend its features. When I started to work with ownCloud, I wrote a first small application which adds a way to check the uploaded files against VirusTotal.
In my humble opinion, there is a point where ownCloud is lacking good features: the way it manages events. By default, it is possible to send events to a remote Syslog server or to a flat file, but the format of the generated events is really ugly. External applications were developed to log events into a MySQL database, but here again it was not convenient enough for me. Next to ownCloud, I’m also using ELK to manage my log files. It was clear that both solutions must be integrated, and I wrote a small application which writes events directly into Elasticsearch. The idea and framework are based on SuperLog, written by Bastien Ho.
ownCloud implements “hooks” that can be defined as:
A function whose name can be used by developers of plug-ins to ensure that additional code is executed at a precise place during the execution of other parts of ownCloud code. For example, when an ownCloud user is deleted, the ownCloud core hook post_deleteUser is executed.
An application can place a hook on post_deleteUser and automatically perform actions when a user is deleted. esLog supports the following hooks. For each of them, an event is sent to Elasticsearch with relevant information (source IP address, login, file, folder, etc.) every time the action is performed by a user or a desktop client.
- Users management
- Shared files
Before the esLog installation, the Elasticsearch PHP API must be deployed. Once done, you can set up the application like any other one. Extract the archive content into the /apps directory. To complete the installation, three manual steps must be performed:
1. Copy the “/vendor” directory created during the PHP API installation into a directory readable by Apache
2. Edit the file app/eslog/lib/log.php and add the following line at the top:
require "/var/www/vendor/autoload.php"; # Change to your own location
3. To be able to log webdav operations, you must edit the remote.php file (in the root of ownCloud) and add the following line at the top:
require_once 'apps/eslog/spy.php';
That’s it! Now enable the application via the admin panel and configure it. The following parameters can be defined:
- Elasticsearch host (default: 127.0.0.1:9200)
- Elasticsearch authentication mechanism (default: none)
- Elasticsearch user & password (default: blank)
- Elasticsearch index (default: owncloud)
- Elasticsearch type (default: owncloud)
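To make the hook-to-Elasticsearch flow and the parameters above concrete, here is an added example (not esLog's own code) of how one hook call can become one structured document and one index request. The function names, the document field names and the sample values are assumptions made for illustration; only the defaults come from the list above.

```php
<?php
// Added illustration, not taken from esLog. Function and field names are hypothetical.
// In ownCloud, a handler would be attached with something like:
//   \OCP\Util::connectHook('OC_User', 'post_deleteUser', 'MyHooks', 'onDeleteUser');

// Defaults from the parameter list above.
const ESLOG_DEFAULTS = ['host' => '127.0.0.1:9200', 'index' => 'owncloud', 'type' => 'owncloud'];

/** Turn one hook call into a document: who did what, from where, and when. */
function eslog_build_event(string $action, ?string $login, array $details, array $server): array
{
    // REMOTE_ADDR is the TCP peer as seen by the web server. Behind a reverse
    // proxy this is the proxy's address, so log it knowingly.
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: null;
    return [
        '@timestamp' => gmdate('Y-m-d\TH:i:s\Z'), // UTC, ISO 8601
        'action'     => $action,
        'login'      => $login,
        'src_ip'     => $ip,
        'details'    => $details, // hook parameters, e.g. uid or path
    ];
}

/** Describe the Elasticsearch index call (typed index, as in the settings above). */
function eslog_index_request(array $event, array $config = []): array
{
    $c = array_merge(ESLOG_DEFAULTS, $config);
    // json_encode escapes control characters, so a newline inside a user or
    // file name stays inside its field instead of starting a new log line.
    // JSON_INVALID_UTF8_SUBSTITUTE keeps odd file names from dropping the event.
    $flags = JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
    return [
        'method' => 'POST',
        'url'    => sprintf('http://%s/%s/%s', $c['host'],
                        rawurlencode($c['index']), rawurlencode($c['type'])),
        'body'   => json_encode($event, $flags),
    ];
}

// Constructed sample: an admin deletes a user whose name contains a newline.
$event = eslog_build_event('post_deleteUser', 'admin',
    ['uid' => "bob\nfake second line"], ['REMOTE_ADDR' => '192.0.2.10']);
$req = eslog_index_request($event);
echo $req['method'], ' ', $req['url'], "\n", $req['body'], "\n";
```

It runs with the plain PHP CLI (7.2 or later) and needs neither ownCloud nor a running Elasticsearch node, since it only prints the request it would send.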
Here is a dashboard example with data received from ownCloud:
The esLog application is available on my Github account or on the official ownCloud apps repository. Comments, suggestions are welcome and happy logging!
Hi, is this applicable for OC 9?
Hi, thank you for the time spent on the app. I’ve opened up hooks.php and file reads are not being sent to es; however, you mention file reads above. Has it been omitted for some reason? Also, can you share your Kibana Dashboard?
The file is available here:
It is provided “as is” and can be improved for sure. It has been built as a simple test.
There is a typo in your howto
at step 3:
Great work! Can you share your Kibana Owncloud Dashboard?
Thanks a lot.