Bug #10902
closed2.5.0. Authentication logging
0%
Description
As per this post https://forum.netgate.com/topic/156762/2-5-0-logging-authentication/4
Even clean 2.5.0 does not log all successful logins.
Updated by Jim Pingle about 4 years ago
- Status changed from New to Rejected
I can't reproduce this. Even on a stock 2.5.0, I login, it gets logged. I logout, it gets logged. Login again, it gets logged. I tried logging out and in rapidly multiple times and all were logged.
Something is broken in your test, methodology, etc. Keep the discussion on the forum until something more specific can be identified and not "it doesn't work". We need details and a way to reproduce it, none of which have been demonstrated sufficiently.
Updated by Greg M about 4 years ago
Please re-open.
I know now what is the problem. If I use Chrome I get same results as you.
If I use Firefox results are not OK, auth is not logged.
Updated by Jim Pingle about 4 years ago
I used firefox and it's fine there for me. Keep the discussion on the forum.
Updated by Steve Wheeler about 4 years ago
- Status changed from Rejected to Confirmed
I have replicated this a number of times but didn't spot it until now. I only noticed it does not 'beep' when you login but had dismissed it. I now see it also doesn't log when that happens, I guess the beep is in a script that is not triggered.
I tested this in Firefox.
Oct 14 18:56:59 sshd 4808 Accepted keyboard-interactive/pam for root from 172.21.16.5 port 46266 ssh2 Oct 14 18:57:03 nginx 2020/10/14 18:57:03 [error] 44685#100136: send() failed (54: Connection reset by peer) Oct 14 18:57:15 pkg-static 54985 pfSense-repo upgraded: 2.5.0.a.20201014.0050 -> 2.5.0.a.20201014.0650 Oct 14 18:58:25 php-fpm 47634 /index.php: User logged out for user 'admin' from: 172.21.16.5 (Local Database) Oct 14 18:58:26 php-fpm 47634 /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)
Here I logged in via ssh then logged in at the webgui and nothing is logged. That nginx error is shown though.
Then I logout and log back in and it is logged, and it beeped.
Additionally I had two SSH sessions open and both only show one system message:
php-fpm[47634]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)
Updated by Greg M about 4 years ago
Nice catch
I caught it via siem when logs got missing
Updated by Jim Pingle about 4 years ago
- Status changed from Confirmed to Rejected
The beep is from the system console logging the high level syslog message, not a script. If something causes that to be suppressed, it won't beep.
I still can't replicate anything here. Any login/logout action I make is logged.
Read that forum thread again, it may be something in the browser contributing.