access_log to track failed logins
AJ Weber
aweber at comcast.net
Thu Dec 20 14:01:54 UTC 2012
This solution worked. Many thanks to you AND Francis for your replies
to help.
I always cringe when using the if-statement because of the "bad press"
it's gotten in the past. I understand the push to use "location"
wherever possible, but sometimes a well-placed, simple if-statement is
exactly what's needed!
Now the logging is working, and I wrote a (really just modified an
existing) fail2ban "jail" to watch for IP's trying to hack the site.
Nothing's foolproof, but every little bit helps!
Thanks to all again,
AJ
On 12/19/2012 4:11 AM, Antonio P.P. Almeida wrote:
>> I have a login page that redirects (actually appends the parameter
>> "?error=true" to the URL and lets the user try again).
>>
>> I was trying to re-define "access_log" with a full path and (for now)
>> "combined" to a separate file in that location in hopes of tracking
>> failed logins in a separate log. Originally, I had a regex nested
>> location for the error redirect, then I took it out and put it in its
>> own location. Nothing seems to work.
>>
>> This doesn't seem to work at all. An empty log gets created at startup,
>> but nothing ever gets written there. Is it because the access logging
>> is already done by the time the location is determined?
>>
>> How can I somehow log when someone accesses the "login" page with the
>> "error=true" parameter on the URL?
> Try at the http level:
>
> map $arg_error $log_error {
> default 0;
> true 1;
> }
>
> and at the server level:
>
> error_page 418 @log-error;
>
> if ($log_error) {
> return 418;
> }
>
> location @log-error {
> access_log my_special.log;
> }
>
>
> --appa
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list