fuzzball-muck/fuzzball

Log failed login attempts

Closed this issue · 11 comments

Could we add a (possibly configurable) feature to log failed logins? Valuable data would include:

  1. Date/Time
  2. Connection source IP (and reverse DNS if enabled) and TLS yes/no
  3. Username attempted

Sorry, hit a button by accident. Re-opened, and a good idea!

This should be easy, and I'm kind of surprised it doesn't already do this, but I admit I rarely look at the server logs.

As an added note, I don't see a particular reason to make this configurable; I think it is very reasonable for this to just always get logged. Really, why wouldn't you want this?

Some people don't want their stuff to change, I dunno!

@wyld-sw Propose we put this in 7.1 since it really should be about 5 minutes to add.

Agreed!

There does seem to be a FAILED CONNECT message in logs/status that mentions the username and the descriptor number. Assuming I didn't misread that, should we put IP/DNS/TLS in both this and the FAILED CREATE messages?

Log messages ARE due for a review (categorization, wording, etc), in my opinion.

Before I commit this, I want to make sure these messages will work for you.

Here are the possibilities for the messages. IP address is replaced by hostname when available.

```
yyyy-MM-ddddTHH:mm:ss: FAILED CONNECT: 'NotAPlayer', descriptor 11, from 69.174.157.204
yyyy-MM-ddddTHH:mm:ss: FAILED CONNECT: 'NotAPlayer', descriptor 11, securely from 69.174.157.204
yyyy-MM-ddddTHH:mm:ss: CONNECTED: One(1), descriptor 11, from 69.174.157.204
yyyy-MM-ddddTHH:mm:ss: CONNECTED: One(1), descriptor 11, securely from 69.174.157.204

yyyy-MM-ddddTHH:mm:ss: FAILED CREATE: 'NotAPlayer', descriptor 11, from 69.174.157.204
yyyy-MM-ddddTHH:mm:ss: FAILED CREATE: 'NotAPlayer', descriptor 11, securely from 69.174.157.204
yyyy-MM-ddddTHH:mm:ss: CREATED: NewPlayer(118), descriptor 11, from 69.174.157.204
yyyy-MM-ddddTHH:mm:ss: CREATED: NewPlayer(118), descriptor 11, securely from 69.174.157.204
```

Pull request at #595.
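
An added example, not part of this thread or of the project's code: a Python parser for the message format proposed above that tallies FAILED CONNECT lines per source and notes whether a successful connect followed. The timestamp shape, the threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the timestamp has no spaces (the thread shows only a placeholder).
# The name is free text, so descriptor and source are anchored at the line end.
LINE_RE = re.compile(
    r"^(?P<ts>\S+): (?P<event>FAILED CONNECT|FAILED CREATE|CONNECTED|CREATED): "
    r"(?P<who>.+), descriptor (?P<desc>\d+), (?P<tls>securely )?from (?P<src>\S+)$"
)

# Constructed sample lines (addresses are from documentation ranges).
SAMPLE_LOG = """\
2021-03-04T10:15:00: FAILED CONNECT: 'One', descriptor 11, from 203.0.113.7
2021-03-04T10:15:02: FAILED CONNECT: 'Two', descriptor 11, from 203.0.113.7
2021-03-04T10:15:05: FAILED CONNECT: 'One', descriptor 12, securely from 203.0.113.7
2021-03-04T10:15:09: CONNECTED: One(1), descriptor 12, securely from 203.0.113.7
2021-03-04T10:16:00: FAILED CREATE: 'NotAPlayer', descriptor 13, from 203.0.113.7
2021-03-04T10:20:00: FAILED CONNECT: 'NewPlayer', descriptor 14, from 198.51.100.20
2021-03-04T10:20:30: CONNECTED: NewPlayer(118), descriptor 14, securely from 198.51.100.20
2021-03-04T10:21:00: some unrelated status line
"""

def parse_line(line):
    """Return the fields of one connect/create line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["desc"] = int(rec["desc"])
    rec["tls"] = rec["tls"] is not None      # "securely" is read here as a TLS connection
    rec["who"] = rec["who"].strip("'")       # failed names are logged in quotes
    return rec

def failed_connects_by_source(lines, threshold=3):
    """Sources with at least `threshold` FAILED CONNECT lines, with context."""
    stats = defaultdict(lambda: {"failed": 0, "names": set(),
                                 "plaintext": 0, "then_connected": False})
    for rec in filter(None, map(parse_line, lines)):
        s = stats[rec["src"]]
        if rec["event"] == "FAILED CONNECT":
            s["failed"] += 1
            s["names"].add(rec["who"])
            s["plaintext"] += not rec["tls"]  # attempts made without TLS
        elif rec["event"] == "CONNECTED" and s["failed"] >= threshold:
            s["then_connected"] = True        # success after repeated failures
    return {src: s for src, s in stats.items() if s["failed"] >= threshold}

if __name__ == "__main__":
    for src, s in failed_connects_by_source(SAMPLE_LOG.splitlines()).items():
        print(src, s)
```

Because the source field holds a hostname when one is available, grouping by that field can split or merge counts for the same address depending on whether reverse DNS resolved.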