How to setup authentication attempts logs


#1

My haproxy config file looks like (important part - I think):

global
    log /dev/log    local0
    log /dev/log    local1 notice
defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
userlist users
  user user insecure-password userpass

frontend front-test
  bind 127.0.0.1:88
  capture request header origin len 128
  capture request header Host len 500
  capture request header User-Agent len 64
  capture request header Authorization len 64
  log-format "%ci:%cp [%t] %H %HP %hr %hrl"
  use_backend bk_test

backend bk_test
  acl auth_ok http_auth(user)
  http-request auth if !auth_ok
  option httpchk GET /
  server local 127.0.0.1:80

How to setup to have information about which user name and from which IP tried to authenticate - correct and incorrect auth attempts?


#2

The logging configuration already contains the Authorization header, which contains both username and password base64 encoded.

And you can log the username with the http_auth_group fetch, but only if the authentication succeeds (put %[http_auth_group(users)] into your custom log format).


#3

Good point! Thanks. Should be enough for that what I need.