Project

General

Profile

Feature #9754

Add separate authentication log

Added by Jim Pingle about 1 month ago. Updated about 1 month ago.

Status:
Feedback
Priority:
Normal
Assignee:
Category:
Logging
Target version:
Start date:
09/12/2019
Due date:
% Done:

100%

Estimated time:

Description

Would be nice to have a log dedicated to authentication events (ssh, gui, VPNs, etc).

Most things will be caught by auth.*;authpriv.* but there may be some stragglers.

Notably, IPsec authentication doesn't appear to have a way to get just the user auth messages. They are a part of the "ike" subsystem and do not show up until the log level is increased to where it's far too chatty to include here.

The radius package should probably also send its logs there.

Associated revisions

Revision 49967ae7 (diff)
Added by Jim Pingle about 1 month ago

Add dedicated auth log. Implements #9754

History

#1 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#2 Updated by Jim Pingle about 1 month ago

  • Category changed from Logging to Captive Portal
  • Status changed from Feedback to In Progress
  • Assignee deleted (Jim Pingle)
  • Target version deleted (2.5.0)
  • % Done changed from 100 to 90

Still need to poke at IPsec a bit to see if there is another way to get just the auth messages out of it. Might not be possible.

#3 Updated by Jim Pingle about 1 month ago

  • Category changed from Captive Portal to Logging
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0

#4 Updated by Jim Pingle about 1 month ago

  • Status changed from In Progress to Feedback
  • % Done changed from 90 to 100

I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.

Otherwise this is working for the base system so far.

Also available in: Atom PDF