Graylog Web GUI successful login log


We are using Graylog 5.2.3. I want to view the successful and unsuccessful logins of the users logging into the Web Gui interface. Normally I can only see the unsuccessful logins in “/var/log/graylog-server/server.log” (I was viewing this manually with vim on linux). When I did some more research, I created “Internal Logs” input and I was able to view the failed logs because of the Web Gui. But my main need is how can I view the successful logs?

I am waiting for your help.


NOTE: this is provided as is and is not necessarily “supported”, meaning it works today but may not work in the future. The Audit Log feature in graylog is a licensed feature and is meant to be used to solve this problem.

With that said:
I took a quick look and it seems its possible to have some log entries created if you enable the logger for

Its enabled using graylog’s api via a curl (or wget) command:

curl -I -X PUT https://user:passwords@graylogserver/api/system/loggers/ \
-H 'X-Requested-By: graylog-api-user'

Output in log looks something like:

DEBUG [MongoDBAuthServiceBackend] Trying to load user <username> from database
DEBUG [MongoDBAuthServiceBackend] Successfully validated password for user <username>

Hope that helps.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.