• Resolved malimart

    (@malimart)


    I don’t use Fail2Ban, but I have the setting log attempts to AUTH LOG checked. From my understanding of the functions check_request and sue_log, any attempt at enumeration like /?author=123 should be logged. Is that correct? What should these entries look like? Where should they be logged? While the plugin does indeed block these attempts, I don’t see anything in the logs.

    • This topic was modified 2 months, 4 weeks ago by malimart.
  • Plugin Author Alan Fuller

    (@alanfuller)

    syslog( LOG_INFO, esc_html( "Attempted user enumeration from " . $ip ) );

    This will log to whatever your syslog is.

    If you are testing, make sure you are logged out, as it deliberately doesn’t stop enumeration of authorised users.

    Thread Starter malimart

    (@malimart)

    I was looking in the wrong location. On my Alma Linux machine, the data gets logged to /var/log/messages. Thanks.
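
Once the entries are reaching syslog as described in the replies above, they can be tallied per source address. The script below is an added example, not part of the thread or the plugin's code; it matches only on the message text from the quoted syslog() call, and the sample lines (host name, program tag, addresses) are constructed.

```shell
#!/bin/sh
# Message text as it appears in the syslog() call quoted in the thread.
MARKER='Attempted user enumeration from '

# enum_attempts_by_ip [FILE...]
# Prints "<count> <ip>" per source, busiest first. Reads stdin if no file is given.
enum_attempts_by_ip() {
    awk -v marker="$MARKER" '
        {
            pos = index($0, marker)
            if (pos == 0) next
            # Text after the marker; its first field is the logged address.
            rest = substr($0, pos + length(marker))
            split(rest, f, /[ \t]/)
            if (f[1] != "") hits[f[1]]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# enum_sources_over THRESHOLD [FILE...]
# Prints only the addresses with at least THRESHOLD logged attempts.
enum_sources_over() {
    threshold=$1; shift
    enum_attempts_by_ip "$@" | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Constructed sample in traditional syslog format; the host name, program tag
# and addresses are made up, only the message text comes from the thread.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 web01 php[2211]: Attempted user enumeration from 203.0.113.7
Mar  3 10:15:03 web01 php[2211]: Attempted user enumeration from 203.0.113.7
Mar  3 10:15:09 web01 sshd[900]: Accepted publickey for deploy from 198.51.100.4 port 50022 ssh2
Mar  3 10:16:40 web01 php[2214]: Attempted user enumeration from 2001:db8::15
Mar  3 10:17:01 web01 php[2211]: Attempted user enumeration from 203.0.113.7
EOF
}

# Demo on the sample. On a real host pass the syslog file instead,
# e.g. /var/log/messages on the machine described in the thread.
sample_log | enum_attempts_by_ip
```

An empty result while logged out and testing means the messages are going to a different syslog destination, not that the plugin failed to block the request.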
