Detailed log

1 post Page 1 of 1
vikingo
Junior Member
Posts: 3
Joined: 19 Jan 2015, 14:32


Hello!

I have enabled all email alerts that CSF generates and when a customer asks why they're been blocked i search the IP in my emails and i can give them a report like this one:
Time: Tue May 14 15:17:20 2019 -0300
IP: 51.38.133.58 (PL/Poland/58.ip-51-38-133.eu)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Temporary Block for 3600 seconds [LF_SSHD]

Log entries:

May 14 15:11:22 dallas sshd[1617633]: Invalid user solr from 51.38.133.58 port 58386
May 14 15:11:24 dallas sshd[1617633]: Failed password for invalid user solr from 51.38.133.58 port 58386 ssh2
May 14 15:14:19 dallas sshd[1619040]: Invalid user kuai from 51.38.133.58 port 60246
May 14 15:14:21 dallas sshd[1619040]: Failed password for invalid user kuai from 51.38.133.58 port 60246 ssh2
May 14 15:17:19 dallas sshd[1621221]: Invalid user squid from 51.38.133.58 port 33860
If i disable the emails, there is any log file with all this info somewhere?

Thanks
1 post Page 1 of 1