Feature suggestion – log to auth.log

  • Resolved Ovidiu

    (@ovidiu)


    12 years, 2 months ago

    Hi there,

    I suggested this already on the Wordfence forums and there were several follow-ups but right now I cannot find the threads anymore.

    I’d very much like failed logins to be logged to auth.log or syslog for me to be able to parse the failed logins with fail2ban and ban them.

    I prefer this method since fail2ban can also automatically unban IPs after a specified amount of time, while if I use the WP plugin called: CloudFlare Threat Management the IPs would be permanently banned via CF but not automatically unbanned.

    Please advise if this is doable? Could be an option inside Wordfence’s settings….

    https://wordpress.org/plugins/wordfence/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Mark Maunder

    (@mmaunder)

    12 years, 2 months ago

    Hi,

    This would be challenging because your web server doesn’t have permission to write to syslog or auth.log and I don’t think it has permissions to use the API.

    If there’s some sort of REST API or another type we can plug into to make this happen let me know.

    Regards,

    Mark.

    Thread Starter Ovidiu

    (@ovidiu)

    12 years, 2 months ago

    hm, thanks for the reply. I admit not having thought about that. I was simply trying to accomplish this with the minimal effort and minimal amount of plugins.

    Have a look at this solution please, this might be my next try: http://kovshenin.com/2014/fail2ban-wordpress-nginx/

    basically a minimal plugin living in mu-plugins that makes WP return auth failure with 403 and then I can use fail2ban to pick those up inside the nginx access logs… (others would find them inside the apache logs)

    That seems the next best solution or do you have any other ideas?

    ON THE OTHER HAND I just read the description of: http://wordpress.org/plugins/wp-fail2ban/ =>

    WP fail2ban logs all login attempts, whether successful or not, to syslog using LOG_AUTH.

    Do you mind having a look, maybe that method can be used in your plugin too?

    Plugin Author Mark Maunder

    (@mmaunder)

    12 years, 2 months ago

    Thanks, I’ve added your feature request.

    Regards,

    Mark.

    Thread Starter Ovidiu

    (@ovidiu)

    12 years, 2 months ago

    Awesome!

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Feature suggestion – log to auth.log’ is closed to new replies.