Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#149 Failed login not written to log file

closed-fixed
nobody
None
5
2011-10-27
2011-10-27
J. Ulbts
No

Currently failed login attempts are not written into the log file as 'ERROR' level messages.
If there are multiple failed logins this could help to identify attacks.
See also the message by Tom Purl (jtrac-users Mailing List on 2011-07-16) with the subject 'Monitoring Failed Logins'.

Discussion

  • J. Ulbts
    J. Ulbts
    2011-10-27

    • status: open --> closed-fixed
     
  • J. Ulbts
    J. Ulbts
    2011-10-27

    The log output of failed logins has been added to SVN revision 1370.
    Now the following error message is written into the log if the authentication fails:
    ERROR [info.jtrac.wicket.LoginPage] - login failed - Authentication for login name '<the_login_name>' not successful

    On not existing login names or passwords (String object is 'null') a slightly changed error message is written to the log file.