BIG Audit db table!

Hi,

Can you check what events are filling it?

Others have complained about this and for them it was filling up with failed login attempts, which means their sites were being brute forced.

Now you can either look into preventing them brute force attempts which will stop the logging.

Or if you don’t care about the attempts you can either ignore them and change the automatic cleanup time, or prevent them from logging at all.

By default logs older than 90 days are removed, you can change that time by adding this constant to your wp-config:

define(‘AIOWPSEC_PURGE_AUDIT_LOGS_AFTER_DAYS’, 10);

That will remove logs older than 10 days.

Or if you don’t want to log some or all events you can use the following filter:

‘aios_audit_log_record_event’

Best Wishes,

Ashley

The vast majority of alerts are:
“Failed login attempt with a unknown username: mail”

Hi,

Are they all from the same IP address?

Do you recognise the IP or do you have any service that would be trying to login to your website with the username mail?

If not and assuming it’s from the same IP address every time you could block the IP.

You can then manually clean all the failed attempts using the bulk delete option on the audit table.

Best Wishes,

Ashley

No, always different IPs.
For example on my site I found 87 log pages!

If you allow me some advice, I would say to insert directly in the settings the possibility of varying the maximum conservation time or a maximum number of logs

Hi,

Sure I will add a ticket to our internal task tracker to see how best we can handle this.

For now I recommend the above, you could even use the filter to ignore failed login attempts for the username “mail”

Or you could start blocking them IP addresses (I understand theres a lot of them, but it should help reduce the logs)

Best Wishes,

Ashley