New log file: login.log

Version 1.453

Feature
Finished

In addition the the error.log, errortaskq.log, security.log, a new log has been added: /var/log/directadmin/login.log It will follow the same rules as for the other logs.. meaning, if you've already changed the logdir= variable, it will follow that path. Also, if you use syslog for logging with the use_syslog, the "priority" is set as: LOG_AUTHPRIV|LOG_INFO The messages will look like this: 2014:05:08-01:40:09: '192.168.0.1' 15 failed login attempt on account 'test' 2014:05:08-01:40:09: '192.168.0.1' 16 failed login attempt on account 'test' 2014:05:08-01:40:09: '192.168.0.1' 17 failed login attempt on account 'test' 2014:05:08-01:40:09: '192.168.0.1' 18 failed login attempt on account 'test' 2014:05:08-01:40:09: '192.168.0.1' 19 failed login attempt on account 'test' 2014:05:08-01:40:13: '192.168.0.1' successful login to 'test' after 19 attempts Where all failed attempts are logged into the login.log, as well as the single succesful login It does not log each navigation/click once the login is already done. The difference between this, and what the security.log already has, is that it will login all failed attempts, while the security.log only starts logging after the alert threshold is hit. DA will check for login.log in the file /etc/logrotate.d/directadmin, and will copy the new file to that location if it doesn't exist. For FreeBSD, it will add the required entry into the /etc/newsyslog.conf. The log is also added to the data/templates/logs.list. With regards to the Brute Force Monitor (BFM) the default rest time of 120 seconds has been increased to 1200 seconds (20 minutes), which is the amount of time from the last attempt before the failed login count is reset. ------------ For "Login As", it will show up like this: 2014:05:08-02:12:34: '192.168.0.1' 4 failed login attempts. Account 'test' via 'admin' 2014:05:08-02:12:37: '192.168.0.1' successful login to 'test' via 'admin' after 4 attempts For Auth Basic / API logins, it will look like this, as well as the login-as: 2014:05:08-02:22:28: '127.0.0.1' successful Basic Auth/API login to 'test' 2014:05:08-02:22:54: '127.0.0.1' successful Basic Auth/API login to 'test' via 'admin'

Interested to try DirectAdmin? Get a 30-day Free Trial!