Syslog question

rp201rp · 2021-04-22T02:44:13.121Z

are successful logins written somewhere for the gl-inet web admin interface?

alzhao · 2021-04-22T10:55:24.001Z

I don’t think so. Yes this is good to log.

rp201rp · 2021-04-22T18:32:03.062Z

just successful ones. and make it permanent to survive reboots with a very very small buffer of course if you could suggest please. it’s nice to know when other cooks have been in the kitchen changing the recipe

alzhao · 2021-04-23T05:04:54.038Z

Actually the failed ones should be logged as well, just as ssh logs.

Gabo · 2021-04-24T09:31:42.816Z

Adding to the OP’s suggestion, an option to enable a notification via goodcloud will also be nice.

rp201rp · 2021-04-25T06:11:52.070Z

some people expose http(s) ports so I figured storing a log 90% full of failed attempts would be annoying. but no complaints here if you do. if anything just logging local failed attempts would be nice too.

alzhao · 2021-04-25T08:15:55.827Z

rp201rp:

so I figured storing a log 90% full of failed attempts would be annoying.

Yes. This needs to be done smartly.
For example, if there are 100 failed attempt, 100 notifications could be very annoying.
The correct way may be: send out 1 or several notifications, saying there are 100 failed attempts. The even better ways is to auto block such kind of attack.