Hi,
as Univention is working with Docker and I do not know how Docker works, I am unsure in which container nextcloud is doing the log. I have to know it, because I would like to use fail2ban.
Any tipps are welcome 
I believe log files can be reached directly by path.
Try looking in
/var/lib/univention-appcenter/apps/nextcloud/
1 Like
Exactly:
/var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data/nextcloud.log
Example for a failed login:
{"reqId":"wEDEQKXhyuBqcJCiOqZz","level":2,"time":"2021-02-09T18:54:25+00:00","remoteAddr":"xx.xx.235.114","user":"--","app":"no app in context","method":"POST","url":"/nextcloud/login","message":"Login failed: anonymous (Remote IP: xx.xx.235.114)","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0","version":"20.0.2.2"}
1 Like