Project

General

Profile

Actions

Bug #10902

closed

2.5.0. Authentication logging

Added by Greg M about 4 years ago. Updated about 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Logging
Target version:
-
Start date:
09/14/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.x
Affected Architecture:

Description

As per this post https://forum.netgate.com/topic/156762/2-5-0-logging-authentication/4

Even clean 2.5.0 does not log all successful logins.

Actions #1

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Rejected

I can't reproduce this. Even on a stock 2.5.0, I login, it gets logged. I logout, it gets logged. Login again, it gets logged. I tried logging out and in rapidly multiple times and all were logged.

Something is broken in your test, methodology, etc. Keep the discussion on the forum until something more specific can be identified and not "it doesn't work". We need details and a way to reproduce it, none of which have been demonstrated sufficiently.

Actions #2

Updated by Greg M about 4 years ago

Please re-open.

I know now what is the problem. If I use Chrome I get same results as you.
If I use Firefox results are not OK, auth is not logged.

Actions #3

Updated by Jim Pingle about 4 years ago

I used firefox and it's fine there for me. Keep the discussion on the forum.

Actions #4

Updated by Steve Wheeler about 4 years ago

  • Status changed from Rejected to Confirmed

I have replicated this a number of times but didn't spot it until now. I only noticed it does not 'beep' when you login but had dismissed it. I now see it also doesn't log when that happens, I guess the beep is in a script that is not triggered.
I tested this in Firefox.

Oct 14 18:56:59     sshd     4808     Accepted keyboard-interactive/pam for root from 172.21.16.5 port 46266 ssh2
Oct 14 18:57:03     nginx         2020/10/14 18:57:03 [error] 44685#100136: send() failed (54: Connection reset by peer)
Oct 14 18:57:15     pkg-static     54985     pfSense-repo upgraded: 2.5.0.a.20201014.0050 -> 2.5.0.a.20201014.0650
Oct 14 18:58:25     php-fpm     47634     /index.php: User logged out for user 'admin' from: 172.21.16.5 (Local Database)
Oct 14 18:58:26     php-fpm     47634     /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database) 

Here I logged in via ssh then logged in at the webgui and nothing is logged. That nginx error is shown though.
Then I logout and log back in and it is logged, and it beeped.

Additionally I had two SSH sessions open and both only show one system message:

php-fpm[47634]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)

Actions #5

Updated by Greg M about 4 years ago

Nice catch
I caught it via siem when logs got missing

Actions #6

Updated by Jim Pingle about 4 years ago

  • Status changed from Confirmed to Rejected

The beep is from the system console logging the high level syslog message, not a script. If something causes that to be suppressed, it won't beep.

I still can't replicate anything here. Any login/logout action I make is logged.

Read that forum thread again, it may be something in the browser contributing.

Actions

Also available in: Atom PDF