Log input for graylog users login attempts

Hi Community,

I would like to know in which file login attempts for users are stored in graylog, also which type of input I should use to log the messages of the earlier mentioned file to the created input.

Cheers,

@hun

what failed login attempts did you want to ingest into graylog? that is not clear in your question.

regards
Jan

No, I would like to log all logins in general, just to see which of the defined users is logging to graylog.

You should just configure the access logs, like written in the documentation: http://docs.graylog.org/en/2.4/pages/securing.html#logging-user-activity

just one idea.

Thanks a lot, I will try it.

Hi Jan,

Should I append the code to the end of log4j2.xml file or just extract what is inside <appenders> and <loggers> and add it to these tags in the log4j2.xml?

Also, is the restaccess.log file automatically created? In case not, when creating it, what permissions should I assign to it? Who should the file owner be? Thanks in advance.

The documentation contains an example. You have to customize it for your very own log4j2.xml file.

Check the Log4j 2 documentation for details:
https://logging.apache.org/log4j/2.x/manual/configuration.html

If the path you’ve configured is writable by the system user running Graylog, the file will be created automatically.

Hi Jochen,

Thanks for the input, I already go it working. Can you suggest a way to log the restaccess.log to graylog? So far I am trying to do so using the collector-sidecar.

Cheers,

You could use a GELF appender to log it back into Graylog.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.