How to log login attempts?
Moderator: moderators
7 posts
• Page 1 of 1
How to log login attempts?
by spookybathtub » Wed Apr 25, 2012 12:43 am
I need a way of logging all the login attempts made on my subsonic server. My organization's Information Security department requires this in order for us to use LDAP authentication. But the subsonic.log file seems to only contain information about songs being played. How can I do this?
- spookybathtub
- Posts: 110
- Joined: Thu Oct 07, 2010 7:13 am
Re: How to log login attempts?
by ytechie » Wed Apr 25, 2012 4:26 am
Unfortunately, as of now, this can't be done. Many people have requested more granular logging capabilities, and I'm sure that we will see that in the near future.
-
ytechie - Posts: 547
- Joined: Sun Dec 12, 2010 5:05 am
- Location: Manhattan, New York
Re: How to log login attempts?
by spookybathtub » Wed Apr 25, 2012 4:35 am
I mean no disrespect, but are you sure this is absolutely impossible currently?
- spookybathtub
- Posts: 110
- Joined: Thu Oct 07, 2010 7:13 am
Re: How to log login attempts?
by GJ51 » Wed Apr 25, 2012 6:00 am
It's certainly not a current feature of the program. I suppose if you are a database guru you might be able to mod the program to give you the results you need, but every discussion I've seen on the topic has not revealed an answer to this issue. There is no evidence that I have seen that would indicate that the information is even recorded by the database, but again I don't know for certain wether or not that is the case.
I'm not all that familiar with using LDAP but the note within Subsonic states that Users are authenticated by the LDAP server. When the LDAP enabled users log on to Subsonic, the username and password are checked by the external server, not by Subsonic itself.
Therefore, I would think it may actually be easier for an IT expert to get this information from the LDAP server as I would think that each authentication request event would be recorded in the LDAP server logs. You stated that your IS dept requires a way of recording all logon attempts in order to use LDAP authentication. Does that mean that all the other applications on your network have that capability? Interesting issue, but my guess is that it would be easier to get that info on the LDAP end.
Some of this may be relevant or give someone else a few ideas:
http://technet.microsoft.com/en-us/libr ... 80(v=WS.10).aspx
Here's some ideas relevant to Windows 7:
http://answers.microsoft.com/en-us/wind ... a9360efdbf
I'm not all that familiar with using LDAP but the note within Subsonic states that Users are authenticated by the LDAP server. When the LDAP enabled users log on to Subsonic, the username and password are checked by the external server, not by Subsonic itself.
Therefore, I would think it may actually be easier for an IT expert to get this information from the LDAP server as I would think that each authentication request event would be recorded in the LDAP server logs. You stated that your IS dept requires a way of recording all logon attempts in order to use LDAP authentication. Does that mean that all the other applications on your network have that capability? Interesting issue, but my guess is that it would be easier to get that info on the LDAP end.
Some of this may be relevant or give someone else a few ideas:
http://technet.microsoft.com/en-us/libr ... 80(v=WS.10).aspx
Here's some ideas relevant to Windows 7:
http://answers.microsoft.com/en-us/wind ... a9360efdbf
Last edited by GJ51 on Wed Apr 25, 2012 6:54 am, edited 4 times in total.
Gary J
http://bios-mods.com
http://www.maplegrovepartners.com
http://theaverageguy.tv/category/tagpodcasts/cyberfrontiers/
http://bios-mods.com
http://www.maplegrovepartners.com
http://theaverageguy.tv/category/tagpodcasts/cyberfrontiers/
-
GJ51 - Posts: 3492
- Joined: Wed Oct 20, 2010 11:58 pm
- Location: Western New York
Re: How to log login attempts?
by ytechie » Wed Apr 25, 2012 6:31 am
The information is not recorded in the database as of version 4.5 and 4.6. I did some extensive code walk throughs, and nowhere in the database is the login info recorded. But again, that can change pretty easily. It doesn't seem hard to incorporate that functionality into the java backend, and I'm sure it's on Sindre's mind.
Like GJ51 said, recording the LDAP requests might be a temporary workaround for now, if that's plausible.
Hope this helps!
Like GJ51 said, recording the LDAP requests might be a temporary workaround for now, if that's plausible.
Hope this helps!
-
ytechie - Posts: 547
- Joined: Sun Dec 12, 2010 5:05 am
- Location: Manhattan, New York
Re: How to log login attempts?
by sir2u » Wed Apr 25, 2012 8:56 pm
See my reply on this other thread: http://forum.subsonic.org/forum/viewtopic.php?f=2&t=8962&p=40027#p40027
- sir2u
- Posts: 48
- Joined: Mon Oct 11, 2010 9:44 pm
Re: How to log login attempts?
by ytechie » Thu Apr 26, 2012 1:22 am
I was wrong. It looks like the LDAP attempts are indeed logged. sir2u, thank you for the very valuable information! 
-
ytechie - Posts: 547
- Joined: Sun Dec 12, 2010 5:05 am
- Location: Manhattan, New York
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 8 guests