Page Index Toggle Pages: 1
Topic Tools
Normal Topic Logs (Read 1,525 times)
The Boy
Full Member
***
Offline



Posts: 339
Location: UK
Re: Logs
Reply #9 - Oct 9th, 2012 at 7:07pm
Post Tools
A) Nope, sadly, as that would make it scriptable IMHO
Extract
Grep recipients (who we know) .msg file and if search string found, copy .msg file somewhere
Delete Extract
Repeat for next backup in timeframe

B) Yeah, I've come to that conclusion as well Sad


Backups are hourly tar+gzip of the entire YaBB filesystem.
Logs are bog standard Apache access.log (renamed when they roll over, every 3 hours)

Get a sneaking suspicion I'm going to be continuing with the manual method  Cry
  
Back to top
WWW  
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Logs
Reply #8 - Oct 9th, 2012 at 1:28pm
Post Tools
A. Do we know an absolute verbatim string that was contained in the PM, or even better the complete message?

B. I don't think the Apache logs are going to be much help without the YaBB username, which would have to be matched to an IP. I got road-blocked on that pursuit. I know the script to access log sequence for PM's now, and access logs only really know IP's.

"A." up there has some real promise (combined with the recipients yabb username).  What exact format are the backups in?  Where are the backups stored, and on what kind of filesystem/OS.  It may be possible to scan through the backups without extracting them.

Could I ask (in order to avoid ever being put in this awful hole) what liability or presumption of duty does this (presumably court/legally ordered) rely upon?  I work on these issues in 'real life', so I am very concerned.

Good luck on this matter.  Undecided

Thanks for all your support, (and we are going to make you and all the other YaBB lovers proud  Wink )

Cool
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
The Boy
Full Member
***
Offline



Posts: 339
Location: UK
Re: Logs
Reply #7 - Oct 8th, 2012 at 6:32pm
Post Tools
Dandello wrote on Oct 8th, 2012 at 2:00pm:
Just as an additional tickler note to make a search a little easier (maybe). Dates and times are stored in the messages in what's called epoch time, which on most systems is the number of seconds since January 1, 1970 00:00:00.
If you can calculate your boundary dates, you should be able to do a search using part of the date-number and wildcards. (maybe)



Yeah, got that. But my time frame is quite wide, thus hoping to get something useful from the Apache logs (which I can extract them all into the same location, and grep for a search string, but I don't think there is anything useful in the Apache logs?).

Option 2 is to extract the .msg for the recipient for the 2100+ backups I have in this 90 day timeframe (wide timeframe, as it happened 18 months ago), but would then have to go manually through all those 2100 files...
  
Back to top
WWW  
IP Logged
 
The Boy
Full Member
***
Offline



Posts: 339
Location: UK
Re: Logs
Reply #6 - Oct 8th, 2012 at 6:28pm
Post Tools
JonB wrote on Oct 8th, 2012 at 1:30pm:
How much do you actually know about the 'alleged' sender?  Do you know the usernames?

Sadly, only the recipent. Not the sender.
  
Back to top
WWW  
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,130
Location: Earth

YaBB 2.6.0
Re: Logs
Reply #5 - Oct 8th, 2012 at 2:00pm
Post Tools
Just as an additional tickler note to make a search a little easier (maybe). Dates and times are stored in the messages in what's called epoch time, which on most systems is the number of seconds since January 1, 1970 00:00:00.
If you can calculate your boundary dates, you should be able to do a search using part of the date-number and wildcards. (maybe)


  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Logs
Reply #4 - Oct 8th, 2012 at 1:30pm
Post Tools
I worked on this last night.

How much do you actually know about the 'alleged' sender?  Do you know the usernames?

Maybe you should PM me and describe what it is you are supposed to be doing, what the allegation is etc.etc. I'm normally pretty keen on forensics, but there is only so much you can do without specifics.  There may also be a more direct method of attack IF we have certain information.

Thanks & good luck
Cool
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
The Boy
Full Member
***
Offline



Posts: 339
Location: UK
Re: Logs
Reply #3 - Oct 7th, 2012 at 9:07pm
Post Tools
JonB wrote on Oct 5th, 2012 at 10:08am:
I will look into it.  You may be correct, but I'm unsure.  Is it only the existence of the action that we are trying to determine? Like on X day did user S send a PM?  Or, do we want to know the details?  If, so what details?

Thanks
Cool

Once I know the date/time when (if!!) the PM was sent, then I can extract the relevent backup, and check the .msg and .outbox files.

So hoping to use logs to get a when/if Smiley
  
Back to top
WWW  
IP Logged
 
xnoddyx
Support Team
Documentation Team
YaBB Moderators
YaBB Next Team
Beta Testers
****
Offline



Posts: 1,584
Location: UK:Scotland/livingston

None
Re: Logs
Reply #2 - Oct 5th, 2012 at 12:06pm
Post Tools
The Boy wrote on Oct 5th, 2012 at 9:19am:
I have all the backups, and all the Apache logs.  Trouble with backups, I need to extract each one, check it, then extract the next one etc...  ...problem being, I have a 90 day timeframe of when it may have happened, so that 90d x 24hr/day = 2160 backups to look through  

are the backups on the server or your pc if there on your pc goto where the backups are then find all user_name.msg files for the one that got the pm copy them as you will need to rename them if your not on xp

if your on xp in the folder you copyed all the .msg files to look in all files and folders for the User ID: of the one that sent the pm and xp will have a look in the .msg files for this.

in vista and win7 this will not happen with .msg files so you will have to rename them to .txt then

   a.  Hit the start button and type "search" in the search box.
   b.  Select "Change How Windows Searches"
   c.  Hit "Advanced"
   d.  Select the "File Types" tab.
   e.  Make sure the file extension for the files you want to search in is on the list *and* is set to "Index Properties and File Contents" (yes, pick your jaw up off the floor).  I know this appears to be for file indexing, but it does seem to make a difference on whether you find the file in non-indexed locations as well.
   f.  Say "Ok" and exit all the dialog boxes

then if you press the "Alt" key when you're exploring in the folder, you can choose "Tools / Folder Options" go to the "Search" tab and select "Always search file names and contents".
then in the Search box enter the name of the one that sent the pm and it will highlight all .txt files with a pm from that user

and in the .msg .txt it looks like
118405648521935|bad_user|admin
and this is (i am pos this date_time#) then pm from bad_user pm to admin

and yes i know it's not fast but it is the only way i know how to do what you ask  Sad  sorry i can't be of more help  Cry
  

YaBB install help video
1. what yabb forum are you running and the url
2. describe in as much detail as you can what happens and also post screenshots if you can
3. please be patient we live in different time zones and have other commitments but we will help you
as bill and ted say (Be excellent to each other)
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Logs
Reply #1 - Oct 5th, 2012 at 10:08am
Post Tools
I will look into it.  You may be correct, but I'm unsure.  Is it only the existence of the action that we are trying to determine? Like on X day did user S send a PM?  Or, do we want to know the details?  If, so what details?

Thanks
Cool
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
The Boy
Full Member
***
Offline



Posts: 339
Location: UK
Logs
Oct 5th, 2012 at 9:19am
Post Tools
Would I be right in saying that YaBB has no logs of PMs sent, and that wading through Apache logs won't give the answer I'm looking for?

Basically, its alleged a PM was sent approximately 18 months ago on my forum, and I need to be able to prove/disprove it.

I have all the backups, and all the Apache logs.  Trouble with backups, I need to extract each one, check it, then extract the next one etc...  ...problem being, I have a 90 day timeframe of when it may have happened, so that 90d x 24hr/day = 2160 backups to look through Sad
  
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
 
  « Board Index ‹ Board  ^Top