Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
[SOLVED] System | Log Files | Audit - not showing failed WebGui auth
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] System | Log Files | Audit - not showing failed WebGui auth (Read 1060 times)
mhcp
Newbie
Posts: 2
Karma: 0
[SOLVED] System | Log Files | Audit - not showing failed WebGui auth
«
on:
January 10, 2023, 05:33:59 pm »
Versions OPNsense 22.7.10_2-amd64
I can see the SSH failed login information from the System | Log Files | Audit, with Multiselect on and all display. Example below:
Error | sshd | error: PAM: Authentication error for USER from 192.168.1.221
Warning | audit | user USER could not authenticate for sshd. [using OPNsense\Auth\Services\System + OPNsense\Auth\Local]
Debug | audit | user USER failed authentication for sshd on OPNsense\Auth\Services\System via OPNsense\Auth\Local
I can see the WebGui logout and successful login information. Example below:
Notice | audit | /index.php: Successful login for user 'USER' from: 192.168.1.221
Notice | audit | user USER authenticated successfully for WebGui [using OPNsense\Auth\Services\WebGui + OPNsense\Auth\Local]
Notice | audit | /index.php: User logged out for user 'USER' from: 192.168.1.221
However, I did multiple failed logins between the log out and login show above and I was unable to see that.
I couldn't find anything on the GitHub Issues or searching the forum. Do other people get the same result?
«
Last Edit: January 10, 2023, 10:41:34 pm by mhcp
»
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: System | Log Files | Audit - not showing failed authentication for WebGui login
«
Reply #1 on:
January 10, 2023, 07:21:33 pm »
should be there if username and passwords wasn't empty:
https://github.com/opnsense/core/blob/f5323689f3db9e91fa9f1a15e66e20f6e1e2fbba/src/etc/inc/authgui.inc#L212
Logged
mhcp
Newbie
Posts: 2
Karma: 0
Re: System | Log Files | Audit - not showing failed authentication for WebGui lo
«
Reply #2 on:
January 10, 2023, 10:40:36 pm »
Ah, that's where I was going wrong. Trying with empty passwords.
Thank you for the prompt reply Fright! :-)
Have been trying to build some MONIT alerts for failed logins, Web GUI and SSH
Path | /var/log/audit/latest.log
Condition | content = 'Web GUI authentication error'
Path | /var/log/audit/latest.log
Condition | content = 'PAM: Authentication error'
Interestingly the SSH error will work on empty password.
«
Last Edit: January 10, 2023, 10:42:59 pm by mhcp
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
[SOLVED] System | Log Files | Audit - not showing failed WebGui auth