see bad pass/username

[Lebjo]

Hi
I need some info.....

Eg;
Somebody whant access to my 'locked' folder.. if he insert a bad pass/username.... can i see what he inserted? (pass/user) (log .....?? )

[rejetto]

HFS will show the info only if the username is correct (but wrong password).
if you need more, we must go with scripting. let me know.

[Lebjo]

Yes, i need more info in log, what password and name he typing..
egsample
I have created 1 user named "JUSTTEST"

Somebody what to login and typing: user - "TOM", pass - "123"

and.. in log i want see
"""01:33:05 123 TOM@127.0.0.1:2517 Login failed""" - Bad password/username

[rejetto]

it cannot be done with current version, sorry.

but next 2.3 beta build #229 will let you put this in the event script file (ALT+F6).

[unauthorized]
{.add to log|Bad login: %user% / %password%.}

[Lebjo]

When #229 will be done? (Release)

[rejetto]

very soon.
maybe tonight.
or in this week.

[r][m]

but next 2.3 beta build #229 will let you put this in the event script file (ALT+F6).

[unauthorized]
{.add to log|Bad login: %user% / %password%.}

Works in regular log, but not apache format. 

[rejetto]

apache logs contains only requests.
the "add to log" is a free form of logging, and i guess it should not be included in apache format.
because i guess people using the apache format uses log analyzers. i don't know how they would behave in such situation.
i see 2 paths
- we discuss and see why such "free form" should fit the apache format.
- you don't use "add to log" but "append", and write directly to the apache format what you want.

[r][m]

apache logs contains only requests.
the "add to log" is a free form of logging, and i guess it should not be included in apache format.
because i guess people using the apache format uses log analyzers. i don't know how they would behave in such situation.
i see 2 paths
- we discuss and see why such "free form" should fit the apache format.
- you don't use "add to log" but "append", and write directly to the apache format what you want.

You added %z to apache log format. I used it

%h %l %u %t "%r" %>s %b "%{Referer}i %z" "%{User-Agent}i"

inside referer section. It produces result as screenshot attached. It could have been added to Request
section. Can't say what the result would be, of adding something else. But bad password would be nice
to have. Screen shot is of Analog 6.0 and at least lists the ~upload thats made.
When I can find some time I'll try append to see if it might be used some way, but I doubt it. Analog has a pretty narrow focus.
There is a better way, but we've been through that before

[rejetto]

i was partially wrong.
yes, "apache logs contains only requests", but a bad password is actually a request (rejected).
so, my question now is: this "bad" request should already be logged in apache-format when the "only served requests" is disabled.
if you confirm this, i guess the only thing you miss is the "password" information.
am i right?

[r][m]

iso, my question now is: this "bad" request should already be logged in apache-format when the "only served requests" is disabled.
if you confirm this, i guess the only thing you miss is the "password" information.
am i right?

Only served requests is disabled.
Bad login is only refered to as 401, or as "failure" in various report sections in Analog.
No reason given. Event scripts don't show with apache format.
I fear apache format is becomming inadequate as HFS evolves.
I'm working on the event scripts and "add to log" (regular log).
I think this may be a better direction, and is showing promise, but I may need help eventually.
It will be some hours before I'll know whats possible.
Is there any hope that you might make a small (but badly needed) change to the regular log?

[rejetto]

Bad login is only refered to as 401, or as "failure" in various report sections in Analog.
No reason given.

a 401 with a username is a "bad password".
what are you missing?

Is there any hope that you might make a small (but badly needed) change to the regular log?

how can i answer without knowing what you are talking about

[r][m]

r][m said

Event scripts don't show with apache format

Actually I was partially wrong, if you login by clicking on a protected
folder event scripts show in the HFS log window. If you use /~login
they do not.
Rejetto said

how can i answer without knowing what you are talking about

It might not be needed if I can use special events to make a special log work like...

Code: [Select]

[unauthorized]
{.unauthorized|{.append|/Server/Admin/log_file/New-Log.txt|Bad login:%date%-%time%-%user%-%password%.}and it does work, but it appends the text in notepad like...
One line of textOne line of textOne line of text
Instead of...
One line of text
One line of text
Google finds lots of info on this, but I haven't been able to make anything work. Without proper
display, its useless.
Any idea on how to fix this?

[Mars]

The solution which is possible is to use \t and \n, they will be converted in tabulation and return to the line

  procedure save();
  begin result:=if_(saveFile(uri2diskMaybeFolder(p), xtpl(pars[1], ['\\','\|','\t',#09,'\n',CRLF,'\|','\']), name='append'), ' ') end;   // mars

\\t and \\n are converted to \t and \n ( no TAB and no CRLF )

the other way is using two macro {.crlf.} {.tab.} to obtain the same result.

    if name = 'crlf' then
      result:=CRLF;

    if name = 'tab' then
      result:=#09;

To convert any text in the same way, it is advisable to use the macro {.replace|... .} under this shape:
{.replace|\\|<//>|\t|{.tab.}|\n|{.crlf.}|<//>|\| your text\t is converted\n correctly.}


An example using both methods with hfs.events

[request]
{.append|hfs.test.log|user1: {.tab.} %user%1 {.crlf.}.}
{.append|hfs.test.log|user2: \t %user%2 \n.}
{.append|hfs.test.log|user3: \\t %user%3 \\n.}
{.append|hfs.test.log|\n next request \n.}
{.append|hfs.test.log|{.replace|\\|<//>|\t|{.tab.}|\n|{.crlf.}|<//>|\| your text\t is converted\n correctly.}
.}

hfs.test.log contain:
user1:     admin1
user2:     admin2
user3: \t admin3 \n
next request
your text    is converted
 correctly


For that to ask furthermore?


 

[r][m]

Mars
Many thanks for posting the codes. Since I'm not a programer,
my solution may not be technically correct, but it works 
This in event scripts produces a special log

Code: [Select]

[unauthorized]
\n{.unauthorized|{.append|/A Location You Choose/Spl-Log.txt|
Bad_Login: %date% %time% %ip% {.if|%user%|%user%|0.} %password%.}\n

[upload completed]
\n{.Upload completed|{.append|/A Location You Choose/Spl-Log.txt|
Upload_Completed: %date% %time% %ip% %user% %item-name%.}\n

[download completed]
\n{.download completed|{.append|/A Location You Choose/Spl-Log.txt|
Download_Completed: %date% %time% %ip% %user% %item-name%.}\nThis makes the more important server data easy to analyze.