Joomla already logs all failed logins. What more do you need?

@brianteeman uhm okay? And these i can seperate from normal Logins?
My "developer" said its not possible to seperate these from real Logins compared to failed ones.

Your developer is a fool then and doesnt know anything about Joomla.

By default the logs show failed logins

#Fields: datetime	priority clientip	category	message
2017-04-19T14:50:09+00:00	INFO 127.0.0.1	joomlafailure	Username and password do not match or you do not have an account yet.

optionally the logs will also show the username as well if this is enabled in the plugin

#Fields: datetime	priority clientip	category	message
2017-04-19T14:50:09+00:00	INFO 127.0.0.1	joomlafailure	Username and password do not match or you do not have an account yet. ("letmein")

And if someone tries to login without a password you will get

#Fields: datetime	priority clientip	category	message
2017-04-19T14:50:09+00:00	INFO 127.0.0.1	joomlafailure	Empty password not allowed.

Joomla doesn't add URL variables for a successful or failed login, so you can't just base this on URLs.

Everything you need to configure fail2ban is in the logs

Hi @brianteeman , thank you @mbabker ,

so what log should i be tailing to get a perfect Result?
Then sorry in advance for my hasty Post here.

The Joomla logs can be found in error.php in your logs folder within your joomla site

You can find the full path to the logs folder by looking in your system configuration

Closed as no issue to resolve

@brianteeman The login failure daemon needs them logged to the Apache error log or the access log to be useful. Wordpress does write those Entries in the default access Log of a Server.
This is way smoother.

@brianteeman : "Your developer is a fool then and doesnt know anything about Joomla."

I dont think so. as a person, who knows joomla and server administration: i think: you are a fool.

fail2ban uses iptables -> requires root permissions -> is a part of server administration
joomla logfile is a part of webspace/user administration

fail2ban searches for patterns in logfiles and takes an action, if an "event" occurs too often in a specified time -> ban the ip address for 5 minutes via iptables for example

As a server administrator / webhoster (as i am) you need to have such information in a centralized logfile -> webserver logfile, because you dont know, where your customers have their joomla logfiles and you dont want to to reconfigure fail2ban every day, if a new joomla installation appears on your systems.

At the moment a login into joomla admin produces a http 30x in webserver logs, a not successful login produces a http 200.

If a not successful login would produce a http 403 for example, that would be really helpful for server administrators

If a not successful login would produce a http 403 for example, that would be really helpful for server administrators

Good luck changing the way the web thinks. I just checked applications my company has deployed based on WordPress, Symfony, and Laravel; none issue a 4xx response (WordPress has a 200 and the two PHP frameworks have 302).

It is possible to write a plugin for Joomla to extend its logging platform or to catch failed login attempts and do what it is that you need to do without us changing the core behaviors of Joomla.

niente?

I wrote regex on following Folder:
/var/www/vhosts///administrator/logs/error.php
https://regex101.com/r/ziAJMe/1

Better one (limited log in other place totally different as any other cms works), log as no log. :-) So this seems working.
I would love to see, that also Joomla goes just like everyone else: apache access logs.