Access control to NodeRed

Hi everybody. I have this kind of question. If I set NodeRed that is using HTTPS and protect access whith a password, is possible to discover failed attempt to enter in?

Now I have all behind a VPN, but is a little bit complex to use especially with a phone. With a direct access is surely more simple but also less secure.

Thank you

I think that you will find an entry in the Node-RED log if a login fails - though I've not actually tried it.

Assuming it does, you could use a log parser such as fail2ban to automate things.

With these kinds of issues, I personally find it generally better to use a more specific tool for authentication rather than the built-in Node-RED tools. Such as putting Node-RED behind a reverse proxy like NGINX or Caddy that will take care of the TLS and authentication for you. They will have far more logging and pre-built alerting capabilities (or at least 3rd party tools) since they are so widely used.

Thank you for your answer. I will try to do some experiment...
In the specific, where is the "Node-RED log" file?

Thank you
Bye

Depends how you are running it and on what OS.

Assuming that you are using some form of Linux and have a standard installation, you will probably find it by doing something like journalctl -u node-red.

Note that one of the advantages of systemd and its journal is that you can easily output the logs in machine readable formats.

If linking into other apps to grep the log, you will find the node-red entries buried in /var/log/syslog.

Yes sorry... I took it for granted that I'm using Linux. Never use Windows if not for solitaire :-))

Ok. Then the system logs... I thought that NodeRed had its own log file.

Thank you for all.

Haha, minesweeper surely :grin:

Windows = Desktop, Linux = Server. Mac = Oh lordy why? :rofl:

Again, this is the benefit of systemd. It journals logs to memory and outputs to syslog by default. But you can configure it anyway you like. Rather than trying to grep syslog, you can simply use the journalctl command which is a lot better and can give you a single or multiple logs.

I also use it for logging my own CRON driven batch scripts. Nice.

The command node-red-log will tail the log for you.