Feature Suggestion: Historical Logs & Pool Change Auditability
Hello Foreman Team,
Following up on my previous message, I would like to share the operational reasons behind this feature suggestion, based on a real incident we recently investigated.
We discovered that a technician had been changing the mining pools of several miners. In order to verify what had happened, we were forced to manually connect to a workstation and download historical logs from approximately 50 miners, one by one.
By analyzing those logs, we confirmed that:
- Some miner logs clearly show when a pool was changed and to which pool, including timestamps.
- These timestamps match exactly with the moments when miners were deleted from Foreman, as recorded in Foreman’s audit log.
This allowed us to reconstruct the incident reliably — but only through a manual, time-consuming, and non-scalable process.
Important clarification
This situation was not caused by Foreman, nor by the invalid pool system.
The root cause was negligence by the main account holder of the site, who left their personal Foreman account open, allowing the technician to:
- Delete miners from Foreman
- Reconfigure pools directly at miner level
Foreman’s audit log was actually key to correlating the events, which further highlights the importance of strengthening historical traceability.
Feature proposals
Based on this experience, we see two possible (and complementary) improvements:
- Download of historical miner logs (last ~50 days)
  - Similar to what is available at miner level via [dlogs]
  - Accessible directly from Foreman, without manual connection to each machine
- Historical pool change summary (recommended option)
  - Foreman could parse miner logs and extract:
    - Date & time of pool changes
    - Previous pool → new pool
  - Allow operators to download a consolidated historical report of these actions
The second option would be especially powerful, as it would:
- Avoid raw log handling
- Provide immediate visibility into unauthorized or unexpected pool changes
- Greatly simplify audits, incident investigations, and client disputes
Additional suggestion: Audit Log completeness
During this investigation, we also noticed that:
- Foreman clearly logs when miners are deleted
- However, I could not find (or may have missed) equivalent visibility for when miners are added
It would be very helpful if the audit log explicitly recorded:
- Miner additions
- User, timestamp, and action source
This would further strengthen accountability and traceability in multi-user environments.
Overall, these features would significantly improve:
- Security
- Operational transparency
- Incident response
- Trust for hosting clients operating at scale
Thank you for your time and for the robustness of the platform. I’m happy to provide additional technical details or real logs if useful for evaluation.
Best regards,
Iván Kronawetter
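
As an added illustration (not part of the original post and not Foreman code), the Python below shows the kind of pool-change summary and audit-log correlation the post proposes. The log line format, the `miner_deleted` action name, and all miner names, users and pool URLs are constructed assumptions; real miner logs and Foreman audit exports will differ.

```python
import re
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Assumed line format (constructed): "<timestamp> pool <slot> url set to <url>"
POOL_SET = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) pool (\d+) url set to (\S+)$")

# Constructed sample data; names, users and URLs are placeholders.
MINER_LOGS = {
    "miner-01": [
        "2024-05-01 08:00:12 pool 0 url set to stratum+tcp://pool-a.example:3333",
        "2024-05-03 14:22:05 pool 0 url set to stratum+tcp://pool-b.example:3333",
    ],
    "miner-02": [
        "2024-05-01 08:01:40 pool 0 url set to stratum+tcp://pool-a.example:3333",
        "2024-05-02 09:00:00 fan speed adjusted",
    ],
}
AUDIT_LOG = [  # (timestamp, user, action, miner); action name is hypothetical
    ("2024-05-03 14:22:05", "site-owner", "miner_deleted", "miner-01"),
]

def pool_changes(logs):
    """Return sorted (time, miner, slot, previous_url, new_url) tuples."""
    events = []
    for miner, lines in logs.items():
        current = {}  # pool slot -> last URL seen (lines assumed chronological)
        for line in lines:
            m = POOL_SET.match(line)
            if not m:
                continue  # not a pool-configuration line
            when, slot, url = datetime.strptime(m[1], FMT), int(m[2]), m[3]
            prev = current.get(slot)
            if prev is not None and prev != url:  # first value seen is the baseline
                events.append((when, miner, slot, prev, url))
            current[slot] = url
    return sorted(events)

def correlate(changes, audit, tolerance=timedelta(seconds=60)):
    """Attach audit-log deletions of the same miner within `tolerance` of each change."""
    report = []
    for when, miner, slot, prev, new in changes:
        hits = [(ts, user) for ts, user, action, target in audit
                if action == "miner_deleted" and target == miner
                and abs(datetime.strptime(ts, FMT) - when) <= tolerance]
        report.append({"miner": miner, "time": when.strftime(FMT),
                       "previous": prev, "new": new, "deletions": hits})
    return report
```

Calling `correlate(pool_changes(MINER_LOGS), AUDIT_LOG)` yields one row per pool change with any matching deletions attached; the 60-second tolerance is an assumption to absorb clock skew between miners and the management server.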