File

mod_audit_auth/README.md @ 5810:e79f9dec35c0

mod_c2s_conn_throttle: Reduce log level from error->info Our general policy is that "error" should never be triggerable by remote entities, and that it is always about something that requires admin intervention. This satisfies neither condition. The "warn" level can be used for unexpected events/behaviour triggered by remote entities, and this could qualify. However I don't think failed auth attempts are unexpected enough. I selected "info" because it is what is also used for other notable session lifecycle events.
author Matthew Wild <mwild1@gmail.com>
date Thu, 07 Dec 2023 15:46:50 +0000 (12 months ago)
parent 5772:238c4ac8b735
line wrap: on
line source
---
summary: Store authentication events in the audit log
rockspec:
  dependencies:
  - mod_audit
...

This module stores authentication failures and authentication successes in the
audit log provided by `mod_audit`.

If mod_client_management is loaded, it will also record entries when a new
client is connected to the user's account for the first time. For non-SASL2
clients, this may have false positives.