Feature Request: include IP and username in logging for failed attempts #119
Comments
|
Excellent idea and shouldn't be too hard to implement. |
mprasil
added
enhancement
|
I'm interested in trying to add this, but I can't seem to find any log file. The only logging that I am finding is the logging to stdout that Rocket usually does. Am I missing something obvious? |
|
There's #63 for logging to file, but that is currently pending some upstream changes. So this is purely about changing that single failure message to include requested information. |
|
The stdout now logs IP and user on failed login attempts. |
|
This is a useful feature, however I noticed the IP is only logged when trying to log in with a valid username and a wrong password (with the message "Username or password is incorrect"). When trying to log in with a username for which no account exists however only "Invalid user" is logged. |
|
That should be fixed now in b75ba21. Thanks for reporting it! |
Feature Request
Improve logging of failed login attempts
Issue
Currently, failed login attempts are logged like so:
{"log":"ERROR: Username or password is incorrect. Try again.\n","stream":"stdout","time":"2018-08-08T19:33:20.892869034Z"}Ideally, these log messages would include the IP address of the host attempting login, and username that was attempted. Including this information would allow for better monitoring and alerting, as well as blocking of bad actors.
Suggestion
Include IP address and username in log message.
Example:
{"log":"ERROR: Username or password is incorrect. Try again.\n","IP":"192.0.2.23","username":"[email protected]","stream":"stdout","time":"2018-08-08T19:33:20.892869034Z"}The text was updated successfully, but these errors were encountered: