Horizon Logging Question

sam.bouwari at verizon.com
Fri Nov 30 16:28:41 UTC 2018


Hello Horizon Proj Developers.

In previous (older) Openstack/Horizon versions (version 7 or 8), the /var/log/horizon.log file used to reveal "remote address" information when a user attempts to login to Horizon GUI with wrong password, or if someone is trying to guess a password, then a log entry similar to this would be logged:

2018-11-01 19:39:35,728 3711 WARNING openstack_auth.forms Login failed for user "admin", remote address 192.168.1.12.

In newer OSP/Horizon versions, the "remote address" field seems to have been truncated from the log and all we see now is a login entry in /var/log/horizon.log similar to this:

2018-11-30 14:23:10,912 473292 WARNING openstack_auth.forms Login failed for user "admin".

Is there any valid reason as to why this feature was removed from newer versions of Horizon?

Logging the "remote address" information is very useful from a security/IR and log monitoring standpoint, where an analyst can identify if someone is trying to guess passwords, or trying to brute force the Horizon GUI, and other useful scenarios.

Is there a configuration parameter in Horizon that can be turned on to log the "remote address" information again? Or is this feature just not available anymore in the product?

Your help is greatly appreciated!

Thanks

Sam Bouwari
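
The monitoring use case described in the message above, as an added example that is not part of the original post or of Horizon: a parser for the two horizon.log line formats quoted there, with a per-address sliding-window count of failed logins. The function names, the threshold of 5 failures in 5 minutes, and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches both horizon.log formats quoted in the post; the address part is optional.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \d+ WARNING '
    r'openstack_auth\.forms Login failed for user "(?P<user>[^"]*)"'
    r'(?:, remote address (?P<addr>\S+?))?\.$')

def parse(line):
    """Return (timestamp, user, addr) or None; addr is None in the newer format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["addr"]

def find_guessing(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag addresses with >= threshold failures inside a sliding window.

    threshold and window are assumed values. Returns (flagged, unattributed):
    flagged maps address -> sorted users it failed against; unattributed counts
    failures that carry no address and so cannot be tied to a source.
    """
    recent, users = defaultdict(deque), defaultdict(set)
    flagged, unattributed = {}, 0
    for rec in filter(None, map(parse, lines)):
        ts, user, addr = rec
        if addr is None:
            unattributed += 1
            continue
        q = recent[addr]
        q.append(ts)
        users[addr].add(user)
        while ts - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[addr] = sorted(users[addr])
    return flagged, unattributed

# Constructed sample lines (not real log data): five quick failures from one
# source, one isolated failure, and two lines in the newer address-less format.
PREFIX = "WARNING openstack_auth.forms Login failed for user"
SAMPLE = [f'2018-11-01 19:39:{35 + i},728 3711 {PREFIX} "{u}", remote address 203.0.113.7.'
          for i, u in enumerate(["admin", "admin", "demo", "admin", "operator"])]
SAMPLE.append(f'2018-11-01 19:41:02,101 3711 {PREFIX} "admin", remote address 192.168.1.12.')
SAMPLE += [f'2018-11-30 14:23:1{i},912 473292 {PREFIX} "admin".' for i in (0, 2)]

if __name__ == "__main__":
    print(find_guessing(SAMPLE))
```

With the newer format, failures land in the unattributed count, so only per-user totals remain available to the analyst.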



More information about the openstack-discuss mailing list