[Date Prev][Date Next] [Chronological] [Thread] [Top]

auditing failed login attempts



Our security group is hassling us because we don't currently provide them an
audit log of failed login attempts on our LDAP servers. For most of our
other systems, we simply provide them a syslog feed with this information.
However, openldap doesn't appear to have a logging level that provides
detail about login attempts on a single line, but rather across many lines
that would need to be correlated. It seems more like connection debugging
logging as opposed to authentication logging.

It looks like we might need to set up an accesslog overlay to log all of the
attempted binds and then have a separate process that runs through that and
generates the syslog feed to our ISO group's central logging server? That's
a bit more overhead than I would like.

Are there any other simpler ways of generating failed login logs?

Thanks much.