Where are NR failed logins logged?

Hello, I put credentials in settings.js, but where does NR write the failed login attempts? I have a Linux system and tried looking in the auth logs and adding a custom logger to settings.js, but I can't find any output for this. I would like to use fail2ban to analyze this log.
Thanks Thomas

Have you checked the node-red log? That is available directly using journalctl if you are using systemd to run node-red. They are also written to syslog which fail2ban should be able to monitor.

If you really want robust security though and you clearly have a Linux set up with some existing security, you would likely be better off using a reverse proxy such as NGINX or Caddy and putting your logins there rather than in Node-RED itself.

Hi @buschhardt

You will need to enable the audit log level in order to get events for failed logins etc

Thank you, the setting audit: true was wrong. Can I see/write out which IP address the node-red client has?
Here is my custom logger:

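myCustomLogger: {
    level: "error",
    metrics: false,
    audit: true, // emit audit events such as failed logins
    handler: function(settings) {
        return function(msg) {
            var fs = require('fs');
            // Append each log message as one JSON line
            var text = JSON.stringify(msg) + "\n";
            // Pass the encoding as a plain argument; encoding='utf8' would assign an implicit global
            fs.appendFileSync('./nodered.log', text, 'utf8');
        }
    }
}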

And here is a result:
{"event":"auth.login.fail.credentials","username":"wronguser","client":"node-red-editor","scope":"","level":98,"timestamp":1681203925853}

Ah yes - the login fail audit event doesn't include the ip address of the request. That information isn't directly available. We've looked at getting the ip address included in this event previously, but the authentication library we use (passport.js) makes it surprisingly difficult to do (or perhaps, how we use passport makes it hard to do).
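As an added example (not code from any participant in this thread or from the Node-RED project): since the audit event carries no IP address, failed logins in the JSON-lines file written by the custom logger above can still be monitored per username. The function name, the threshold of 3 failures and the 60-second window are assumptions, and the sample log is constructed in the format of the line shown above.

```javascript
// Event name as it appears in the audit line posted in the thread.
const FAIL_EVENT = "auth.login.fail.credentials";

// Return usernames with at least `threshold` failed logins inside any
// `windowMs` span. Keyed on username because the event has no IP field.
function findFailedLoginBursts(logText, threshold = 3, windowMs = 60000) {
    const byUser = new Map();
    for (const line of logText.split("\n")) {
        if (!line.trim()) continue;
        let entry;
        try {
            entry = JSON.parse(line);
        } catch (err) {
            continue; // skip truncated or non-JSON lines
        }
        if (!entry || entry.event !== FAIL_EVENT) continue;
        if (typeof entry.timestamp !== "number") continue;
        const user = String(entry.username);
        if (!byUser.has(user)) byUser.set(user, []);
        byUser.get(user).push(entry.timestamp);
    }
    const alerts = [];
    for (const [username, times] of byUser) {
        times.sort((a, b) => a - b);
        let start = 0, worst = 0;
        // Sliding window: largest number of failures within windowMs.
        for (let end = 0; end < times.length; end++) {
            while (times[end] - times[start] > windowMs) start++;
            worst = Math.max(worst, end - start + 1);
        }
        if (worst >= threshold) alerts.push({ username, failures: worst });
    }
    return alerts;
}

// Constructed sample log (not real data); t0 is the timestamp from the thread.
const t0 = 1681203925853;
const sampleLog = [
    { event: FAIL_EVENT, username: "wronguser", timestamp: t0 },
    { event: FAIL_EVENT, username: "wronguser", timestamp: t0 + 5000 },
    { event: FAIL_EVENT, username: "admin", timestamp: t0 + 8000 },
    { event: FAIL_EVENT, username: "wronguser", timestamp: t0 + 12000 },
    { event: "auth.login", username: "admin", timestamp: t0 + 20000 },
    { event: FAIL_EVENT, username: "admin", timestamp: t0 + 300000 },
].map((e) => JSON.stringify(e)).join("\n") + '\n{"event":"auth.login.fail.cred\n';

console.log(findFailedLoginBursts(sampleLog));
```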
