Project

General

Profile

Actions

Feature #9754

closed

Add separate authentication log

Added by Jim Pingle over 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Logging
Target version:
Start date:
09/12/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Would be nice to have a log dedicated to authentication events (ssh, gui, VPNs, etc).

Most things will be caught by auth.*;authpriv.* but there may be some stragglers.

Notably, IPsec authentication doesn't appear to have a way to get just the user auth messages. They are a part of the "ike" subsystem and do not show up until the log level is increased to where it's far too chatty to include here.

The radius package should probably also send its logs there.

Actions #1

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle over 5 years ago

  • Category changed from Logging to Captive Portal
  • Status changed from Feedback to In Progress
  • Assignee deleted (Jim Pingle)
  • Target version deleted (2.5.0)
  • % Done changed from 100 to 90

Still need to poke at IPsec a bit to see if there is another way to get just the auth messages out of it. Might not be possible.

Actions #3

Updated by Jim Pingle over 5 years ago

  • Category changed from Captive Portal to Logging
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0
Actions #4

Updated by Jim Pingle over 5 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 90 to 100

I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.

Otherwise this is working for the base system so far.

Actions #5

Updated by Viktor Gurov about 5 years ago

Jim Pingle wrote:

I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.

Otherwise this is working for the base system so far.

tested on 2.5.0.a.20191210.1722

PPPoE, L2TP, WebGUI and console/ssh is ok

What about OpenVPN server auth log?

Actions #6

Updated by Jim Pingle about 5 years ago

  • Status changed from Feedback to Resolved

OpenVPN authentication is already placed in the auth log.

Dec 11 08:25:04     openvpn     895     user 'jimp' authenticated 
Actions

Also available in: Atom PDF