CheckAuthLog Change Log
Version 2.0.0 includes performance improvements for the log file parsing and a mechanism to avoid more than one instance running at a time. Also support is included for Exim. As I do not run Exim that code has only been lightly tested. Feedback is welcome. Version 3.0.0 released 11 April 2015 contains the following main changes:
- Support for syslog (enabled by default)
- Support for log level (for syslog and for standard output)
- New configuration variable ignored_users to avoid listed users being subject to checks. Comma separated list of logins
- New configuration variable ignored_ips to avoid logging listed ips or ranges. Comma separated list of ips or cidr ranges.
- Ability to notify users their account has been blocked (only useful if the block does not prevent them receiving and reading email)
- Self checking: the script notifies you if it fails to find new log lines after a certain interval (default 1 hour) or new logins after a certain interval (default 1 day - but should be customized to what you expect)
- Self checking is enabled by default but can be turned off if not needed.
- Support for sending self check notifications to the admin via email (not really needed if you run from crontab since you receive the standard output anyway) but for some might be useful
- A new variable that can be used in mysql queries %l (lower case L) which matches the local part of the user name before the @
New command line options:
- -z will run the self check routines only
- -e [email protected] will simulate the email notification to user specified in the parameter. This can be useful for testing the email setup, without having to trigger a hit on the user or ip limits.
A bug was found and corrected during testing of version 3 (present in previous versions). If the log file contains multiple login lines that cause the ip or message limits to be exceeded, then each single login line processed would trigger the blocking action. This can logically occur only in the same or next log file, since following the successful blocking action, no new login lines will be generated until the account is unblocked. This did not create any particular negative consequences (reblocking a blocked user), but with the email notification feature, it would have created multiple notifications. Now the script will suppress blocking action if the user was already blocked in the current or previous run.
Some of the development in version 3 was funded by a donation.
Versione 3.2.1 released on 16 March 2019 contains code cleanup, bug fix for an issue where the timezone of php is different to the timezone of the server logging, and improved logging which will help in the case of further issues.