Information: Forum is in read-only mode
For details and other support options see

ACLs for phplogcon logs

This forum covers ideas and discussions on future phpLogCon versions. Most importantly, all discussions on the upcoming version 2 should go here.

Moderator: alorbach

Google Ads

ACLs for phplogcon logs

Postby chakkerz » Mon Jul 28, 2008 2:18 am

Hello there

I was wondering whether this is already a feature, or likely to become one (and if so how soon :) ).

We would like to use phplogcon to make all logs collected by our rsyslog cluster readable to people. However we don't want everyone here to read everyone's logs. Is there any way envisaged to limit access to certain sources by IP address (individual, though preferably ranges in CIDR notation)?

Thank you.

Posts: 39
Joined: Tue Jan 22, 2008 4:45 am
Location: Australia

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Re: ACLs for phplogcon logs

Postby alorbach » Mon Jul 28, 2008 9:12 am


well with the new 2.5.x versions of phpLogCon we have introduced a UserDB System which allows you to create Users, Groups and assign logsources to them. So I guess you could setup access groups with log sources assign to their groups, and assign the users to the groups where they need access to.

However this would not prevent normal users to create their own log sources if they know the filename and path of the logfiles.
But nothing is impossible ;), so first of all I would recommend that you take a look to the new system and try and play with it a little bit.

More details here:

best regards,
Andre Lorbach
Site Admin
Posts: 1627
Joined: Thu Feb 13, 2003 11:55 am

Re: ACLs for phplogcon logs

Postby chakkerz » Tue Jul 29, 2008 5:41 am

Hello again

I've taken a look at it, but i'm having the following issue, and i might be imagining things, so bear with me and feel free to tell me if i'm doing it wrong :) :

- a user can be only a member of one group.
- a source can only be assigned to one group.
- admins overarch groups so:

I can have a bunch of admins, say team members and myself - we maintain things so we should see everything (we double as the Unix admins). But then it gets hairy: what if i want the Microsoft Admins to be able to access the server net, the database net, the exchange farm and their test networks, and the Database Admins to access the server net, the database net, but not exchange etc. I've just tried to do something like that and i didn't realize my interpretation of Admin is wrong... if i'm not a member of a group it vanishes.

But uses can be in multiple groups... So if i assign a unique group to every log, i can grant individual users access to logs in a sufficiently restrictive way...

That will work, it's not very straight forward ... I'd probably prefer multiple groups per source, but it is workable...

We were discussing the ACL by IP here, and we concluded it probably wouldn't be very sensible to implement... but then we aren't php coders :)

Cheers. chakkerz
Posts: 39
Joined: Tue Jan 22, 2008 4:45 am
Location: Australia

Google Ads

Return to Future Versions

Who is online

Users browsing this forum: No registered users and 0 guests