Report root password change IP

[Jin]

Why doesnt CSF report the ip address of the machine which changes the root password?

That seems like something which would be very useful for intrusion tracking.

It could mean the difference between telling a member of staff they need to improve their communication or reinstalling a whole server.

[chirpy]

There's no way to determine that, unless you have a suggestion on a log file and line where that information could be found.