From 16fc0ccb3a561f5a2cb4296a2ef0906c44c44e51 Mon Sep 17 00:00:00 2001
From: Lars Vierbergen
Date: Sun, 5 Nov 2017 17:24:40 +0100
Subject: [PATCH] Add logging of ips that failed authentication
---
 EventListener/AuthenticationStatsListener.php | 40 ++++++++++++++++++-
 1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/EventListener/AuthenticationStatsListener.php b/EventListener/AuthenticationStatsListener.php
index fc56c55..29f3b53 100644
--- a/EventListener/AuthenticationStatsListener.php
+++ b/EventListener/AuthenticationStatsListener.php
@@ -58,8 +58,13 @@ class AuthenticationStatsListener implements EventSubscriberInterface
 {
 return [
 StatsEvent::class => [
- 'getAuthStats',
- -1
+ [
+ 'getAuthStats',
+ -1
+ ],
+ [
+ 'getAuthFailureIps'
+ ]
 ],
 AuthenticationEvents::AUTHENTICATION_SUCCESS => 'onAuthSuccess',
 AuthenticationEvents::AUTHENTICATION_FAILURE => 'onAuthFailure',
@@ -151,4 +156,35 @@ class AuthenticationStatsListener implements EventSubscriberInterface
 $event->addStatistics($stats);
 }
+
+ public function getAuthFailureIps(StatsEvent $event)
+ {
+ if (!$event->isEnabled('login_fail_ips'))
+ return;
+ $queryBuilder = $this->registry->getRepository(AuthenticationEntry::class)->createQueryBuilder('e');
+ /* @var $queryBuilder \Doctrine\ORM\QueryBuilder */
+ $queryBuilder->select('count(e) AS c', 'e.ip')
+ ->groupBy('e.ip')
+ ->where('e.success = false AND e.timeStamp > :time')
+ ->setParameter('time', new \DateTime('-1 day'))
+ ->orderBy('c', 'DESC')
+ ->setMaxResults(20);
+ $rawStats = $queryBuilder->getQuery()->getArrayResult();
+
+ $config = [
+ 'graph_title' => 'Authserver authentication failures',
+ 'graph_vlabel' => 'Failures/day',
+ 'graph_category' => 'authserver'
+ ];
+ foreach ($rawStats as $rawStat) {
+ $ipHash = md5($rawStat['ip']);
+ $config += [
+ 'auth_fail_' . $ipHash . '.label' => $rawStat['ip']
+ ];
+
+ $event->addStatistic('login_fail_ips.auth_fail_' . $ipHash, $rawStat['c']);
+ }
+
+ $event->setMuninConfig('login_fail_ips', $config);
+ }
 }
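Review bot: `getAuthFailureIps()` writes each raw client address into the Munin config as the field label, so anyone who can read the Munin node output or the rendered graphs learns which addresses failed to log in; the `md5()` only produces a valid field name and gives no pseudonymisation. That deserves a docblock on the method saying so, plus a comment at the hash such as `// md5() only builds a Munin-safe field name; the label still carries the raw IP`. How `e.ip` is populated is not visible in this patch, so if it can ever be null or originate from a client-supplied header, guard the label with `if (filter_var($rawStat['ip'], FILTER_VALIDATE_IP) === false) { continue; }` before it reaches the config. The field set also follows the current top 20, so the Munin master presumably keeps one series per address that ever appeared there, which is worth bounding or at least documenting. The brace-less `if (...) return;` at the top of the method would be safer to maintain with braces.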