Log unsuccessful login attempts of non-users

David Gallagher shared this idea 20 months ago
Completed

Currently the events table logs the following login behavior:


1. Login

2. Logout

3. Session Timeout

4. Password Invalid

5. User Lockout

These are only logged if the user has a valid account within the system.


Can we record within the event table when there is an invalid login of any kind, for example if I attempt to log in with the username test@test.com and this user does not exist then a record showing a EventCode of "InvalidUser" would be stored with the submitted username shown in the EventData Column.

This would allow for more accurate auditing of login activity.

As this could possibly cause the size of the Event Table to increase quickly could this be added as an option either within Configuration > Authentication area or as record within the configuration table.

Best Answer
photo

Update:

Further to my last response, I just want to let you know that we have since put together 9.5.1 to address 2 issues found in 9.5, these are;

Issue 1 - Resolved an issue that would prevent configuration settings being saved on the System tab in a client org.

Issue 2 - Resolved an issue that would prevent CSS files from loading in certain cases when content was embedded via the JS API.

More information can be found here. However with regards to the topic of this ticket, you can find this here (as mentioned in my previous post).

With this I apologise for any inconvenience this may have caused, of which I welcome any feedback or questions you may have.

Regards,

Mark

Comments (8)

photo
1

Hi David,

All future updates regarding this idea will be found here.

Kind regards,

Nathan Goddard

photo
1

To re-iterate something from the other thread related to this, here is what we are looking for:

What we are looking for is all failed logon attempts being written to the Event table. This includes non-existent users, LDAP users, regardless of whether Yellowfin is configured for email address logon or username logon.

photo
1

Hi Crystal,

I shall have this added to the notes within our development ticket.

Regards,

Mark

photo
1

Hi, Mark -

Is there a way that I can follow status on the dev ticket? If possible, I'd like to see the ticket in the My Ticket list.

Thanks!

photo
1

Hi Crystal,

I hope you are well & Having a lovely start to your new year.

Mark is currently out, so I will answer on his behalf.


Our development ticketing system is for internal use only, However, once updates are provided on the development task, we will then update the community ticket with the progress :)


I have checked the Development task linked to this Ticket, and good news, just this week it was tagged with Target Versions! Meaning the Development team are actively working on this!


I hope this is ok, let me know if you have any further questions - for now I will mark this as 'Idea Logged'


Best Wises,

Lesley

photo
1

Update:

We have since implemented this enhancement request within our recent 9.5 which was released today. Because of this I am going to go ahead and mark this as Completed.

Any further question or issues, please do not hesitate to re-open. Happy to help where we can.

Regards,

Mark

photo
1

Update:

We also have this implemented in our 8.0.9 which is due for release later this month.

More information on how to use this feature request cant be found here.

Regards,

Mark

photo
1

Update:

Further to my last response, I just want to let you know that we have since put together 9.5.1 to address 2 issues found in 9.5, these are;

Issue 1 - Resolved an issue that would prevent configuration settings being saved on the System tab in a client org.

Issue 2 - Resolved an issue that would prevent CSS files from loading in certain cases when content was embedded via the JS API.

More information can be found here. However with regards to the topic of this ticket, you can find this here (as mentioned in my previous post).

With this I apologise for any inconvenience this may have caused, of which I welcome any feedback or questions you may have.

Regards,

Mark