Log input for graylog users login attempts


Hi Community,

I would like to know in which file login attempts for users are stored in graylog, also which type of input I should use to log the messages of the earlier mentioned file to the created input.


(Jan Doberstein) #2


what failed login attempts did you want to ingest into graylog? that is not clear in your question.



No, I would like to log all logins in general, just to see which of the defined users is logging to graylog.

(Jan Doberstein) #4

You should just configure the access logs, like written in the documentation: http://docs.graylog.org/en/2.4/pages/securing.html#logging-user-activity

just one idea.


Thanks a lot, I will try it.


Hi Jan,

Should I append the code to the end of log4j2.xml file or just extract what is inside <appenders> and <loggers> and add it to these tags in the log4j2.xml?

Also, is the restaccess.log file automatically created? In case not, when creating it, what permissions should I assign to it? Who should the file owner be? Thanks in advance.

Audit logging restaccess.log not created
(Jochen) #7

The documentation contains an example. You have to customize it for your very own log4j2.xml file.

Check the Log4j 2 documentation for details:

If the path you’ve configured is writable by the system user running Graylog, the file will be created automatically.


Hi Jochen,

Thanks for the input, I already go it working. Can you suggest a way to log the restaccess.log to graylog? So far I am trying to do so using the collector-sidecar.


(Jochen) #9

You could use a GELF appender to log it back into Graylog.

(system) closed #10

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.