#844 Monitor failed logins in (non-debug) log

Reporter ge0rg
Owner Zash
Stars ★ (1)  
  • Priority-Medium
  • Type-Enhancement
  • Milestone-0.10
  • Status-Fixed
  1. ge0rg on

    When a client authentication request fails, prosody generates multiple debug-level log messages, however none of them provides the information which user name failed to authenticate. Here is an example: Mar 10 07:51:28 c2s3553650 debug Received[c2s_unauthed]: <auth mechanism='PLAIN' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'> Mar 10 07:51:28 yax.im:auth_internal_hashed debug test password for user 'aron' Mar 10 07:51:28 datamanager debug Assuming empty accounts storage ('cannot open /var/lib/prosody/yax%2eim/accounts/aron.dat: No such file or directory') for user: aron@yax.im Mar 10 07:51:28 yax.im:saslauth debug sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/><text>Unable to authorize you with the authentication credentials you&apos;ve sent.</text></failure> As it stands, cumbersome multi-line matching mechanism must be improvised to extract the usernames, e.g. awk '/test password for user/{ uid=$10 } /sasl reply: <failure/{ print uid; }' < /var/log/prosody/prosody.log Please provide a single non-debug-level log line (ideally in the context of the client session) that shows that an authentication mechanism has failed for a given username.

  2. MattJ on

    • tags Status-Accepted Milestone-0.10
  3. ge0rg on

    I was made aware of https://modules.prosody.im/mod_log_auth.html which falls short in multiple ways: - it does not log the username if the user does not exist - it logs in module and not in session context, making further debugging harder.

  4. Zash on

    These commits should improve the situation: https://hg.prosody.im/0.10/rev/57192cf193c7 https://hg.prosody.im/prosody-modules/rev/404d47d2e833 Please test and report

    • tags Status-Started
  5. ge0rg on

    Thank you very much, the new logging is great!

  6. Zash on


    • tags Status-Fixed
    • owner Zash

New comment