Feature #9754
closedAdd separate authentication log
100%
Description
Would be nice to have a log dedicated to authentication events (ssh, gui, VPNs, etc).
Most things will be caught by auth.*;authpriv.*
but there may be some stragglers.
Notably, IPsec authentication doesn't appear to have a way to get just the user auth messages. They are a part of the "ike" subsystem and do not show up until the log level is increased to where it's far too chatty to include here.
The radius package should probably also send its logs there.
Updated by Jim Pingle about 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 49967ae74aeb6ac116d7a0662bcbb1da70a09b8f.
Updated by Jim Pingle about 5 years ago
- Category changed from Logging to Captive Portal
- Status changed from Feedback to In Progress
- Assignee deleted (
Jim Pingle) - Target version deleted (
2.5.0) - % Done changed from 100 to 90
Still need to poke at IPsec a bit to see if there is another way to get just the auth messages out of it. Might not be possible.
Updated by Jim Pingle about 5 years ago
- Category changed from Captive Portal to Logging
- Assignee set to Jim Pingle
- Target version set to 2.5.0
Updated by Jim Pingle about 5 years ago
- Status changed from In Progress to Feedback
- % Done changed from 90 to 100
I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.
Otherwise this is working for the base system so far.
Updated by Viktor Gurov almost 5 years ago
Jim Pingle wrote:
I'm still not seeing a viable way to get the IPsec logs out when strongSwan handles the authentication internally (e.g. EAP), might revisit in the future.
Otherwise this is working for the base system so far.
tested on 2.5.0.a.20191210.1722
PPPoE, L2TP, WebGUI and console/ssh is ok
What about OpenVPN server auth log?
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Resolved
OpenVPN authentication is already placed in the auth log.
Dec 11 08:25:04 openvpn 895 user 'jimp' authenticated