Log input for graylog users login attempts


#1

Hi Community,

I would like to know in which file login attempts for users are stored in graylog, also which type of input I should use to log the messages of the earlier mentioned file to the created input.

Cheers,


(Jan Doberstein) #2

@hun

What failed login attempts did you want to ingest into Graylog? That is not clear in your question.

regards
Jan


#3

No, I would like to log all logins in general, just to see which of the defined users is logging to graylog.


(Jan Doberstein) #4

You should just configure the access logs, like written in the documentation: http://docs.graylog.org/en/2.4/pages/securing.html#logging-user-activity

Just one idea.


#5

Thanks a lot, I will try it.


#6

Hi Jan,

Should I append the code to the end of log4j2.xml file or just extract what is inside <appenders> and <loggers> and add it to these tags in the log4j2.xml?

Also, is the restaccess.log file automatically created? In case not, when creating it, what permissions should I assign to it? Who should the file owner be? Thanks in advance.


(Jochen) #7

The documentation contains an example. You have to customize it for your very own log4j2.xml file.

Check the Log4j 2 documentation for details:
https://logging.apache.org/log4j/2.x/manual/configuration.html

If the path you’ve configured is writable by the system user running Graylog, the file will be created automatically.
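
An added example, not part of the posts above and not Graylog's own code: a constructed, minimal `log4j2.xml` after the access-log appender and logger have been merged into the existing `<Appenders>` and `<Loggers>` sections, plus a small check that the merge is consistent. The appender name `RESTACCESS`, the `/var/log/graylog-server` path and the helper names are assumptions; the logger name is the one used in the Graylog documentation example.

```python
import xml.etree.ElementTree as ET

# Logger name from the Graylog documentation example; confirm it for your version.
ACCESS_LOGGER = "org.graylog2.rest.accesslog"

# Constructed, minimal log4j2.xml after merging. The appender name RESTACCESS
# and the /var/log/graylog-server path are assumptions.
MERGED = """<Configuration>
  <Appenders>
    <Console name="STDOUT" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %-5p: %c - %m%n"/>
    </Console>
    <RollingFile name="RESTACCESS"
        fileName="/var/log/graylog-server/restaccess.log"
        filePattern="/var/log/graylog-server/restaccess-%i.log.gz">
      <PatternLayout pattern="%d %-5p: %c - %m%n"/>
      <Policies><SizeBasedTriggeringPolicy size="50MB"/></Policies>
      <DefaultRolloverStrategy max="10"/>
    </RollingFile>
  </Appenders>
  <Loggers>
    <Logger name="org.graylog2.rest.accesslog" level="debug" additivity="false">
      <AppenderRef ref="RESTACCESS"/>
    </Logger>
    <Root level="warn"><AppenderRef ref="STDOUT"/></Root>
  </Loggers>
</Configuration>"""

def children(node, tag):
    # Log4j 2 element names are case-insensitive, so compare in lower case.
    return [c for c in node if c.tag.lower() == tag]

def check_access_log_config(xml_text):
    """Return a list of problems; an empty list means the merge is consistent."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a second <Configuration> pasted at the end
        return [f"not well-formed XML: {exc}"]
    problems = []
    for section in ("appenders", "loggers"):
        if len(children(root, section)) != 1:
            problems.append(f"expected exactly one <{section}> section")
    defined = {a.get("name") for s in children(root, "appenders") for a in s}
    loggers = [l for s in children(root, "loggers") for l in children(s, "logger")
               if l.get("name") == ACCESS_LOGGER]
    if not loggers:
        problems.append(f"no <Logger name='{ACCESS_LOGGER}'> inside <Loggers>")
    for logger in loggers:
        for ref in children(logger, "appenderref"):
            if ref.get("ref") not in defined:
                problems.append(f"AppenderRef {ref.get('ref')!r} has no matching appender")
    return problems
```

Run `check_access_log_config(open(path).read())` against your own file before restarting Graylog; pasting the documentation snippet after the closing `</Configuration>` tag shows up as a well-formedness error.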


#8

Hi Jochen,

Thanks for the input, I already got it working. Can you suggest a way to log the restaccess.log to Graylog? So far I am trying to do so using the collector-sidecar.

Cheers,


(Jochen) #9

You could use a GELF appender to log it back into Graylog.

