Logging of login attemts



  • How can I log the login attemts of users in nginx/apache logs? I like to see the usernames who are logging in like in the z-push logins.

    Thanks!
    Klaus


  • Kopano

    @klausf Failed attempt can be seen in the apache error log

    Kopano WebApp user: klausf: authentication failure at MAPI, referer: https://someurl/?logon
    


  • @marty Thank you for your quick reply. Yes, fine, thanks for the hint! Is it possible to configure webapp to log successful logins with the username?


  • Kopano

    You cannot configure it, but you can add a line to the php code.
    For example here:
    https://stash.kopano.io/projects/KW/repos/kopano-webapp/browse/server/includes/core/class.webappauthentication.php#173



  • @marty Great, works fine! Thank you for finding the line number for me!
    It would be nice to have a config.php variable to enable success logging for future versions.

          if (WebAppAuthentication::$_errorCode === NOERROR ) {
            WebAppAuthentication::$_authenticated = true;
            // Print success message to error_log of webserver
            error_log('Kopano WebApp user: ' . $username . ': authentication success at MAPI');
            WebAppAuthentication::_storeMAPISession(WebAppAuthentication::$_mapiSession->getSession());
          } elseif ( WebAppAuthentication::$_errorCode == MAPI_E_LOGON_FAILED || WebAppAuthentication::$_errorCode == MAPI_E_UNCONFIGURED ) {
            // Print error message to error_log of webserver
            error_log('Kopano WebApp user: ' . $username . ': authentication failure at MAPI');
    
    


  • Hi all,

    I cam from this thread here and I am also interested in getting the succeeded logins. Can anyone explain to me please, how I can implement this in the class.webappauthentication.php and how to compile and make the change effective?

    thank you in advance.



  • anyone can explain to a non-developer how to implement this “patch” so I can get have logged the succeeded logins, too?

    BTW: I’m also interested in a solution to see successful “mailbox attaches” in the log file. Is that possible, too? For example: when Alice attaches successfully the mailbox of Bob into her account.

    thanks in advance.



  • Several ways, one way would be to open the file /usr/share/kopano-webapp/server/includes/core/class.webappauthentication.php with vi/vim, and around line 172, the one that says “WebAppAuthentication::$_authenticated = true;”, just add this line right after that one:
    error_log('Kopano WebApp user: ’ . $username . ‘: authentication success at MAPI’);

    You should then in your /var/log/apache2/error.log see something like this:
    [:error] [pid XXX] [client XXXXXXXXX:XXXX] Kopano WebApp user: username: authentication success at MAPI

    Note that this file will be replaced whenever there is a new version of kopano-webapp being installed, so another way would be to use dpkg-divert, if you are on debian, or just remember to do it manually every time a new version of kopano-webapp


  • Kopano

    I’ve made a ticket: https://jira.kopano.io/browse/KW-3375
    and added a small fix, hidden behind a new config option, because not everyone wants this enabled by default.



  • @klausade
    Thanks for that helpful information. Your line showed backticks instead the apostrophe, I had to correct the line:

     error_log('Kopano WebApp user: ' . $username . ': authentication success at MAPI');
    

    Now my “/usr/share/kopano-webapp/server/includes/core/class.webappauthentication.php” looks like that:

     if (WebAppAuthentication::$_errorCode === NOERROR ) {
       WebAppAuthentication::$_authenticated = true;
       error_log('Kopano WebApp user: ' . $username . ': authentication success at MAPI');
    

    and I get successfully the message logged as you explained. Great!

    @marty said in Logging of login attemts:

    I’ve made a ticket: https://jira.kopano.io/browse/KW-3375
    and added a small fix, hidden behind a new config option, because not everyone wants this enabled by default.

    thank you Marty. It would be nice to have the option to specify a separate logfile for succeeded or failed logins which one could use for post-analyzing procedures (security measurements).

    Now I still wonder if it’s possible to get succeeded attaches of a shared mailbox. Will that work somehow similar ?


Log in to reply