[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
auditing failed login attempts
- To: <openldap-technical@openldap.org>
- Subject: auditing failed login attempts
- From: "Paul B. Henson" <henson@acm.org>
- Date: Tue, 17 Sep 2013 17:25:48 -0700
- Content-language: en-us
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:to:subject:date:message-id:mime-version:content-type :content-transfer-encoding:thread-index:content-language; bh=+khYSafAtLumsT9xkOe8A1mt719yvPh+fV45eoAkMzM=; b=xYULF3O3Yey6PHZNUFCvNT0bsNnYfHXc1hcHR0AwsReO1Uzef8iylKJmpahbBqW0wn CKoyZhY+Dvhuiayg3ZM0WcESowQiosjBHfP1wDJFVe6ABq6FBJrQGtX50zco5r7PxuG/ /xv/RTymzPZ4ef7MDtvw2qIVB9zcfT9hrK4ZCwkTdlajhDeqLFIODp4DpgjgmgmUZldg qgzrjZu5kkOyGsMJVD7tFrD0Fzht914gOVSEwk3xxASVfyzUhh2byY8E2Js/NuBLBZPh nEecFTFcv3Yfi14+fthiDVv+9dPA3cMjLXqs6sKKCsVMxXExUztcxtdLh/S3uYFLJaP5 HrOw==
- Thread-index: Ac60BEEr4qd0+KDvT/m4plygwvz65g==
Our security group is hassling us because we don't currently provide them an
audit log of failed login attempts on our LDAP servers. For most of our
other systems, we simply provide them a syslog feed with this information.
However, openldap doesn't appear to have a logging level that provides
detail about login attempts on a single line, but rather across many lines
that would need to be correlated. It seems more like connection debugging
logging as opposed to authentication logging.
It looks like we might need to set up an accesslog overlay to log all of the
attempted binds and then have a separate process that runs through that and
generates the syslog feed to our ISO group's central logging server? That's
a bit more overhead than I would like.
Are there any other simpler ways of generating failed login logs?
Thanks much.