[horde] logging

Paras pradhan pradhanparas at gmail.com
Wed Feb 9 00:03:18 UTC 2011


OSSEC hids looks good but I beleive it can't lock ldap accounts when
you are authenticating users against remote ldap.

Paras.

On Tue, Feb 8, 2011 at 5:24 PM, Paras pradhan <pradhanparas at gmail.com> wrote:
> Well not sure how to look at heavily populated busy access log for
> this. may be for badlogin keyword?.
>
> My imap server (not local) is telling me continuously about badlogin
> user not found pointed from my webserver .
>
> Trying to find the culprit.
>
> Paras.
>
> On Tue, Feb 8, 2011 at 5:17 PM, Michael Rubinsky <mrubinsk at horde.org> wrote:
>>
>> Quoting Paras pradhan <pradhanparas at gmail.com>:
>>
>>> Hi,
>>>
>>> We can trace Successful Logins and Failed logins by setting
>>> $conf['log']['name'] = /tmp/horde.log. But when there is a dictionary
>>> attack (for usernames that does not exist), is it possible to trace
>>> down the source ip/network?
>>>
>>> Any idea how to handle this?
>>
>> What about the webserver access log?
>>
>>
>> mike
>>
>> The Horde Project (www.horde.org)
>> mrubinsk at horde.org
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>


More information about the horde mailing list