Open ExTechOp opened 4 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Still the same in rocket.chat-3.5.2, username "unknown" in the logs.
Indeed, we still get entries like this on rocket chat 3.5.4 a regular basis:
Sep 01 16:13:15 rocketchat.ourdomain.net rocketchat[2995]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::2b] UserAgent[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Rocket.Chat/2.17.7 Chrome/78.0.3904.130 Electron/7.1.10 Safari/537.36]
Sep 02 10:35:02 rocketchat.ourdomain.net rocketchat[3007]: Failed login detected - Username[unknown] ClientAddress[80.119.239.20] ForwardedFor[undefined] XRealIp[80.119.239.20] UserAgent[RC Mobile; android 7.1.1; v4.10.0 (2135)]
Sep 02 11:30:55 rocketchat.ourdomain.net rocketchat[2996]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::249] UserAgent[Mozilla/5.0 (X11; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0]
Sep 02 11:39:26 rocketchat.ourdomain.net rocketchat[3003]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c::96] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0]
This unfortunately still seems to be an issue with rocket chat 3.9.1:
Jan 14 11:56:52 rocketchat.ourdomain.net rocketchat[20043]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c:336:c50f:5f25] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0]
Jan 14 15:08:13 rocketchat.ourdomain.net rocketchat[20086]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[80.119.239.44] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041]
Jan 14 15:12:37 rocketchat.ourdomain.net rocketchat[20086]: Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:12:4028:c:27ff:fe19:dbd8] UserAgent[Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0]
Still an issue with 3.18.3 We have Accounts > Login Logs all options enabled (including "Show Username on failed login attempts logs"), but the logs have only little information about failed logins, an example:
2021-12-27T11:08:35.066915000+02:00 Failed login detected - Username[unknown] ClientAddress[10.10.10.10] ForwardedFor[11.11.11.11] XRealIp[undefined] UserAgent[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36]
Unfortunately the issue still persists with Rocket.Chat 4.3.1 (although the log format has slightly changed).
Jan 12 05:54:54 rocketchat rocketchat[1049994]: {"level":30,"time":"2022-01-12T03:54:54.185Z","pid":1049994,"hostname":"rocketchat.ourdomain.net","name":"System","msg":"Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[2010:1b4a:4f9:bb00:ccd8:1d5f:6b89:af75] UserAgent[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36]"}
Jan 12 08:10:43 rocketchat rocketchat[1049994]: {"level":30,"time":"2022-01-12T06:10:43.751Z","pid":1049994,"hostname":"rocketchat.ourdomain.net","name":"System","msg":"Failed login detected - Username[unknown] ClientAddress[80.119.28.178] ForwardedFor[undefined] XRealIp[80.119.28.178] UserAgent[unirest-java/1.3.11]"}
Jan 12 08:11:23 rocketchat rocketchat[1049994]: {"level":30,"time":"2022-01-12T06:11:23.081Z","pid":1049994,"hostname":"rocketchat.ourdomain.net","name":"System","msg":"Failed login detected - Username[unknown] ClientAddress[null] ForwardedFor[undefined] XRealIp[4021:483:10:4008:b::41] UserAgent[Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0]"}
Description:
When using LDAP authentication, log entries do not include usernames for failed login attempts.
Steps to reproduce:
Expected behavior:
Usernames for failed login attempts get entered into logs normally.
Actual behavior:
Logs appear with "unknown" fields where usernames should appear, albeit with the correct IP address:
Server Setup Information:
Relevant logs:
Above.