Dangerous and misleading

OK, I’ll bite. What’s getting missed with this plugin and what it logs and how could that be dangerous?

I’ve not installed it yet but it seems that it would tell you which user account performed which action. An audit log by itself is not security but it can contribute to identifying who performed what actions.

Hi Tigr,

I am sorry to hear you are disappointed with the plugin.

If you can explain in more detail to us “what critical security changes” the plugin is missing we would definitely address your concerns. You can also contact me directly on [email protected].

Looking forward to hearing from you.

Sure. As I say, first you had a problem of swamping me with data so that the relevant information was buried in a mountain of detail. Fortunately, that has cleared and I was happy for a while.

Now I thought that everything was fine with the website because there are no security alerts and everything is oh, so quiet. Suddenly I needed to investigate something and I went to the log. The log contained no information at all. It was empty.

I quickly switched to another site and that one had a single entry that read “5 events automatically deleted” dated an hour or so ago. And nothing else. So I did not have any log whatsoever on either site. Although previously they both worked just fine.

Now, we are talking about a security critical component here – the audit trail. I rely on it to do its job. When it does not or cannot do its job for some reason I expect to know about it right away. In this case, the plugin did not report anything to me and kept me happy by not logging (or deleting the info).

No logging is better than false logging.

Hi Tigr,

First of all thank you for taking the time to give us feedback, much appreciated. In the meantime I would also like to clear some things out:

1. You said that we had a problem of swamping you with data – this was never the case, i.e. we never dealt with such an issue. Can you please be more specific? The only “somehow related” issue we had is that in the early days we had some problems with how we were using the database resources, yet nothing that would affect the type of logs and what the users see. With time we ironed out these issues.

2. In the last version of the plugin to date (1.3.2) we addressed an alert pruning problem the plugin had; when the pruning was set to delete alerts when there is more than the configured number, the plugin was pruning all the logs. This problem was only happening when the pruning option was set on “Keep Up to”. And most probably this is the issue you were encountering. Yes it was a bug and we excuse ourselves for having such an issue, though as usual we made it a point to address it as soon as we noticed it. Unfortunately there is no way how the plugin could have “alerted” you, since this was a bug.

To ensure you get the best out of the plugin, can you please uninstall it completely, reinstall the latest version and reconfigure the pruning settings? I can assure you that it will work well. Once finished please confirm to us. As a small token of appreciation for your taking up your time to troubleshoot this issue I invite you to send me an email on [email protected] so I’ll send you a small reward.

Looking forward to hearing from you.