Hestia auth.log

Sich · July 20, 2023, 4:01pm

Hi,

I’m looking to write a parser for the hestia auth log file, and then block IP who make to much error when trying to auth on Hestia.

But it seem that each info is loggued 2 times…

Like

2023-07-20 15:32:19 carmel xxx successfully logged in
2023-07-20 15:32:19 carmel xxx successfully logged in
2023-07-20 17:48:09 admin xxx failed to login
2023-07-20 17:48:09 admin xxx failed to login

I will just double the number of error before initating the ban, but this is a bug ?

g07u · July 28, 2023, 5:22am

Sich:

2023-07-20 15:32:19 carmel xxx successfully logged in
2023-07-20 15:32:19 carmel xxx successfully logged in
2023-07-20 17:48:09 admin xxx failed to login
2023-07-20 17:48:09 admin xxx failed to login

Several reasons could cause this duplication of log entries:

Multiple Terminals or Connections: Users might be logging in from different terminals or connections simultaneously, resulting in multiple log entries with the same timestamp.
Logging Mechanism: The logging mechanism itself may generate duplicate log entries under specific conditions. This can happen if the system writes the log entry and, for some reason, retries the process, resulting in identical entries.
Log Rotation and Aggregation: Some log rotation or aggregation processes might temporarily duplicate log entries as they handle and process logs across different files or systems.
Logging Configuration: The logging configuration on the system may have specific settings that lead to duplicate log entries for certain events.

To further investigate and understand why there are duplicate entries in the auth.log, you may want to check the specific logging configuration, explore the system’s login history, and review any recent changes that might have impacted the logging mechanism. It’s also a good idea to monitor the log entries over time to see if this is a recurring issue or just an isolated event.

eris · July 28, 2023, 5:33am

It mostly comes for yessscypt password check…