Log Liferay Signin attempts

I'm wondering if there is a way to log all sign in attempts in Liferay 6.2. My goal is to monitor all login attempts (successful and failure) so I can build an ELK dashboard and see if there is a sudden peak in e.g. failed login attempts - maybe because some kind of bot is penetrating my website.

So far I didn't find any default setting or function to log all logins with their credentials. I want to see which username tries to sign in as well.

If there are proper pre- and post-login events I can use in a hook that would be fine for me as well. I would take care of the logging tasks myself then. Sadly my attempts so far fell short. I wasn't able to include the credentials in my log string.

asked Nov 27 '25 05:11

Sebastian Sommerfeld


1 Answer

There is no such out of the box functionality.

But, as usual in Liferay, you have two options:

  • Check the marketplace if there is a plugin for that
  • Or create such a plugin yourself

There is a plugin in the marketplace that could fit your needs: Audit EE

I've never used it, so I can't tell you anything about it.

And in case you are not satisfied with the options it offers, here is the write-a-plugin-yourself solution:

If you want to log the failed attempts only, you need to implement an AuthFailure class:

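import java.util.Map;

import com.liferay.portal.security.auth.AuthException;
import com.liferay.portal.security.auth.AuthFailure;

public class LogLoginFailures implements AuthFailure {

   // Called by the portal when a login by e-mail address fails
   public void onFailureByEmailAddress(long companyId, String emailAddress, 
       Map<String, String[]> headerMap, 
       Map<String, String[]> parameterMap) throws AuthException {
     MyLoginLogUtil.logFailure(emailAddress);
   }

   // Implement the two other onFailure... methods the same way

}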

You will need to write the MyLoginLogUtil by yourself. You could use a Liferay service which you would create with the Liferay Service Builder.

To declare your AuthFailure instance you just need to add it in your portal-ext.properties:

auth.failure=com.liferay.portal.security.auth.LoginFailure,...LogLoginFailures

The property stores a list of handlers. You should keep the default LoginFailure to have the default behavior of storing the last failed login attempt per user.

If you really want to log all sign in attempts, you can add an Authenticator in the auth.pipeline.post property in your portal-ext.properties:

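import java.util.Map;

import com.liferay.portal.security.auth.AuthException;
import com.liferay.portal.security.auth.Authenticator;

// Handlers in auth.pipeline.post implement Authenticator, not AuthFailure.
// The class name LogLoginSuccess is only an example.
public class LogLoginSuccess implements Authenticator {

  // Reached only after the earlier authenticators accepted the credentials
  public int authenticateByEmailAddress(long companyId, String emailAddress, 
      String password, Map<String, String[]> headerMap, 
      Map<String, String[]> parameterMap) throws AuthException {
     MyLoginLogUtil.logSuccess(emailAddress);
     return SUCCESS;
   }

   // Implement the two other authenticate... methods the same way

}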

That will log the successful login attempts.

You could add an Authenticator as first handler in the auth.pipeline.pre property as well, but that wouldn't be able to distinguish between failed and succeeded logins.

answered Nov 30 '25 12:11

Tobias Liefke
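
One possible `MyLoginLogUtil`, which the answer above leaves to the reader, as an added example that is not part of the original answer: it writes one JSON line per attempt for Logstash and neutralizes control characters in the submitted login so a crafted value cannot forge a log entry. The logger name, JSON field names, length limit and the use of `java.util.logging` are assumptions.

```java
import java.util.logging.Logger;

public final class MyLoginLogUtil {
    // Assumption: java.util.logging keeps the example stand-alone; inside a
    // Liferay hook you would route this through the portal's logging setup.
    private static final Logger LOG = Logger.getLogger("login-audit");
    private static final int MAX_LOGIN_LENGTH = 128; // constructed limit

    private MyLoginLogUtil() {}

    public static void logFailure(String login) {
        LOG.info(format("failure", login, System.currentTimeMillis()));
    }

    public static void logSuccess(String login) {
        LOG.info(format("success", login, System.currentTimeMillis()));
    }

    // Builds one JSON object per event so Logstash can parse it without grok.
    // The password is deliberately never a parameter of this class.
    static String format(String outcome, String login, long epochMillis) {
        return "{\"event\":\"login\",\"outcome\":\"" + outcome
            + "\",\"login\":\"" + sanitize(login)
            + "\",\"ts\":" + epochMillis + "}";
    }

    // The login is attacker-controlled: escape quotes and backslashes, and
    // encode control characters (CR/LF included) so a crafted value cannot
    // start a forged log line or break the JSON.
    static String sanitize(String login) {
        if (login == null) return "";
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < login.length() && i < MAX_LOGIN_LENGTH; i++) {
            char c = login.charAt(i);
            if (c == '"' || c == '\\') {
                sb.append('\\').append(c);
            } else if (c < 0x20 || c == 0x7f) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        logSuccess("test@liferay.com"); // constructed sample input
        logFailure("x@example.org\n{\"event\":\"login\",\"outcome\":\"success\"}");
    }
}
```

The `ts` field is epoch milliseconds, which the Logstash date filter can parse with the `UNIX_MS` pattern.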