WordPress to Syslog

WPsyslog2 is a global log plugin for WordPress. It keeps track of all system events and logs them to syslog. It tracks events such as new posts, new profiles, new users, failed logins, logins, logouts, etc.

It also tracks the latest vulnerabilities and alerts if any of them are triggered, which makes it very useful when integrated with a log analysis tool such as OSSEC HIDS. OSSEC requires the latest snapshot to properly analyze these logs: http://ossec.net/files/snapshots/ossec-hids-090812.tar.gz

If you have any questions, contact us at dcid @ ossec.net.

Download

wpsyslog2.tar.gz - 37453ef294b90b54fa2a7af3be72930e

Installation

  1. Download the plugin file from the link above and place it in the wp-content/plugins directory.
  2. Go to the WordPress Plugin menu and activate it.
  3. On the WPsyslog2 configuration panel you can choose more or less logging options.
  4. If using OSSEC, it should start parsing and monitoring those logs by default (you can see them at /var/log/syslog or /var/log/messages).

Log Examples

Alerting on the WordPress <= 2.8.3 Remote admin reset password:

Aug 12 16:22:39 ourhome WPsyslog[13097]: [127.0.0.1 na] Warning: IDS: Attempt to reset password by attacking wp2.8.3 bug.

Logins, failed logins:

Aug 11 18:25:41 ourhome WPsyslog[14382]: [1.2.3.4 na] Info: User logged in. User name: admin (admin).
Aug 11 18:25:55 ourhome WPsyslog[14382]: [1.2.3.4 admin] Info: User logged out. User name: admin (admin).
Aug 11 18:26:05 ourhome WPsyslog[14382]: [1.2.3.4 na] Info: User authentication failed. User name: lala.
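
The log lines above share one fixed layout, so they can also be parsed and triaged outside of OSSEC. The following Python is an added example, not code from WPsyslog2 or OSSEC; the field layout is inferred from the samples on this page, and the function names, the threshold of three failures and the 203.0.113.7 lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Layout inferred from the sample lines on this page:
# <timestamp> <host> WPsyslog[<pid>]: [<source IP> <user or na>] <Level>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"WPsyslog\[(?P<pid>\d+)\]: \[(?P<ip>\S+) (?P<user>\S+)\] "
    r"(?P<level>\w+): (?P<msg>.*)$"
)
FAILED_PREFIX = "User authentication failed. User name: "


def parse_line(line):
    """Return the entry's fields as a dict, or None for non-WPsyslog lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines, fail_threshold=3):
    """Return (ids_alerts, noisy): IDS events, and {ip: [user names tried]}
    for every source with at least fail_threshold failed logins."""
    ids_alerts, failures = [], defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated syslog traffic
        if ev["msg"].startswith("IDS:"):
            ids_alerts.append(ev)
        elif ev["msg"].startswith(FAILED_PREFIX):
            name = ev["msg"][len(FAILED_PREFIX):].rstrip(".")
            failures[ev["ip"]].append(name)
    noisy = {ip: n for ip, n in failures.items() if len(n) >= fail_threshold}
    return ids_alerts, noisy


# The first two lines come from this page; the rest are constructed samples.
SAMPLE = [
    "Aug 12 16:22:39 ourhome WPsyslog[13097]: [127.0.0.1 na] Warning: IDS: Attempt to reset password by attacking wp2.8.3 bug.",
    "Aug 11 18:26:05 ourhome WPsyslog[14382]: [1.2.3.4 na] Info: User authentication failed. User name: lala.",
    "Aug 11 18:27:01 ourhome WPsyslog[14382]: [203.0.113.7 na] Info: User authentication failed. User name: admin.",
    "Aug 11 18:27:03 ourhome WPsyslog[14382]: [203.0.113.7 na] Info: User authentication failed. User name: editor.",
    "Aug 11 18:27:04 ourhome WPsyslog[14382]: [203.0.113.7 na] Info: User authentication failed. User name: admin.",
    "Aug 11 18:27:10 ourhome sshd[991]: Connection closed by 203.0.113.7",
]

if __name__ == "__main__":
    alerts, noisy = triage(SAMPLE)
    for ev in alerts:
        print(f"IDS alert from {ev['ip']} at {ev['ts']}: {ev['msg']}")
    for ip, names in noisy.items():
        print(f"{ip}: {len(names)} failed logins, user names {sorted(set(names))}")
```

Keeping the attempted user names per source shows whether one account is being hammered or many names are being tried from the same address.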

Credits

WPsyslog2 is a modification of WPsyslog 0.1 (GPL), released by Alex Guensche. We modified the code to fix some bugs, add support for Unix syslog and add a few more actions (including failed logins, alerts on attacks, etc.). Our goal is to provide a good and reliable audit trail for WordPress. Currently maintained by Daniel B. Cid (dcid at ossec.net).