auth.log content format can be improved and simplified #1
Description
Hi
Authlog output a log line for each user logging that fails in file /auth.log. This line looks like :
Jan 10 07:36:50 vps100389 mybb: login failure for user baadamascahsy2322 with ip 46.161.9.22 in user cp
Half of its content adds nothing except of making the file growing faster, and the order of fields make it difficult to handle because of no vertical alignment
So, I replaced in the plugin source these 2 functions :
function authlog_log($auth) {
if (count($auth->get_errors()) <= 0) {
return;
}
global $mybb;
$logline = "mybb: login failure for user " . rawurlencode($auth->data["username"]) . " with ip " . $_SERVER["REMOTE_ADDR"] . " in ";
if (defined("IN_ADMINCP")) {
authlog_log_line($logline . "admin cp");
} elseif ($mybb->settings["authlog_user"] == 1) {
authlog_log_line($logline . "user cp");
}
}
function authlog_log_line($logline) {
global $mybb;
$logfile = $mybb->settings["authlog_location"];
$hostname = gethostname();
$date = exec("date +%b\ %d\ %H:%M:%S");
file_put_contents($logfile, $date . " " . $hostname . " " . $logline . "\n", FILE_APPEND);
} by this one :
function authlog_log($auth) {
if (count($auth->get_errors()) <= 0) {
return;
}
global $mybb;
$logline = date('ymd H:i:s ') . str_pad($_SERVER["REMOTE_ADDR"], 16);
if (defined("IN_ADMINCP")) {
$logline .= 'A';
} elseif ($mybb->settings["authlog_user"] == 1) {
$logline .= 'U';
} else {
$logline .= '?';
}
$logline .= ' ' . rawurlencode($auth->data['username']);
file_put_contents($mybb->settings["authlog_location"], $logline . "\n", FILE_APPEND);
} It is more compact, more fast, and produce shorter report with vertically aligned fields that enables fast look and easier search (or even easier rules for fail2ban) for repetitive intrusion attempt. Each line have this format :
YYMMDD hh:mm:ss xxx.xxx.xxx.xxx P username
where
xxx..xxx is the IP padded to 16 chars
P is the place where the connection was attempted (A=Admin CP, U=User CP, ?=unknown)