Messages

1

22.7 Legacy Series / Re: System | Log Files | Audit - not showing failed authentication for WebGui lo

« on: January 10, 2023, 10:40:36 pm »

Ah, that's where I was going wrong. Trying with empty passwords.

Thank you for the prompt reply Fright! :-)

Have been trying to build some MONIT alerts for failed logins, Web GUI and SSH

Path | /var/log/audit/latest.log
Condition | content = 'Web GUI authentication error'

Path | /var/log/audit/latest.log
Condition | content = 'PAM: Authentication error'

Interestingly the SSH error will work on empty password.

2

22.7 Legacy Series / [SOLVED] System | Log Files | Audit - not showing failed WebGui auth

« on: January 10, 2023, 05:33:59 pm »

Versions    OPNsense 22.7.10_2-amd64

I can see the SSH failed login information from the System | Log Files | Audit, with Multiselect on and all display. Example below:

Error | sshd | error: PAM: Authentication error for USER from 192.168.1.221
Warning | audit | user USER could not authenticate for sshd. [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]
Debug | audit | user USER failed authentication for sshd on OPNsense\Auth\Services\System via OPNsense\Auth\Local

I can see the WebGui logout and successful login information. Example below:

Notice | audit | /index.php: Successful login for user 'USER' from: 192.168.1.221
Notice | audit | user USER authenticated successfully for WebGui [using OPNsense\Auth\Services\WebGui + OPNsense\Auth\Local]
Notice | audit | /index.php: User logged out for user 'USER' from: 192.168.1.221

However, I did multiple failed logins between the log out and login show above and I was unable to see that.

I couldn't find anything on the GitHub Issues or searching the forum. Do other people get the same result?