CAS 5.1.1 Login Throttle logging


Mallory, Erik

Dec 8, 2017, 12:21:11 PM
to cas-...@apereo.org

Hello,

When the Throttle Logging gets tripped I get the following log message.

2017-12-04 08:23:41,729 WARN [org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter] - <Throttling submission from [10.0.79.19]. More than [20] failed login attempts within [60] seconds. Authentication attempt exceeds the failure threshold [20]>

 

I’m throttling based on username; our CAS nodes are behind a load balancer, so the IP address isn’t of use.

I’ve configured our Nagios install to scrape the logs for this string to create an alert, so we can see how often our CAS system is getting hit with some type of Brute Force attack. I would like to know which accounts are being used for these attacks. How do I configure CAS or log4j to write the account being throttled to either the cas.log or cas_audit.log?

 

 

Erik Mallory

Server Analyst 

Wichita State University
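
The log scrape described in the post, as an added example that is not part of the original message or of CAS: a Nagios-style check that parses the throttle WARN line quoted above, counts events in a recent window and returns a plugin exit code. The function names, the 15-minute lookback, the warn/crit thresholds and every sample line except the first are assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches the WARN line quoted in the post; only the bracketed values vary.
THROTTLE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} WARN "
    r"\[org\.apereo\.cas\.web\.support\."
    r"AbstractThrottledSubmissionHandlerInterceptorAdapter\] - "
    r"<Throttling submission from \[(?P<src>[^\]]+)\]\. More than "
    r"\[(?P<limit>\d+)\] failed login attempts within \[(?P<secs>\d+)\] seconds\.")

def parse_throttle_events(lines):
    """Return (timestamp, source, limit, seconds) for each throttle line."""
    events = []
    for line in lines:
        m = THROTTLE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], int(m["limit"]), int(m["secs"])))
    return events

def nagios_check(lines, now, lookback_minutes=15, warn=1, crit=5):
    """Return (exit_code, message); 0 OK, 1 WARNING, 2 CRITICAL (Nagios plugin codes).
    lookback_minutes, warn and crit are assumed defaults, not values from the post."""
    cutoff = now - timedelta(minutes=lookback_minutes)
    recent = [e for e in parse_throttle_events(lines) if cutoff <= e[0] <= now]
    per_source = {}
    for _, src, _, _ in recent:
        per_source[src] = per_source.get(src, 0) + 1
    detail = ", ".join(f"{s}={n}" for s, n in sorted(per_source.items())) or "none"
    code = 2 if len(recent) >= crit else 1 if len(recent) >= warn else 0
    label = ("OK", "WARNING", "CRITICAL")[code]
    return code, (f"CAS_THROTTLE {label} - {len(recent)} throttle events "
                  f"in {lookback_minutes}m ({detail})")

# Sample input: the first entry is the line from the post, the rest are constructed.
LINE = ("{ts} WARN [org.apereo.cas.web.support."
        "AbstractThrottledSubmissionHandlerInterceptorAdapter] - "
        "<Throttling submission from [{src}]. More than [20] failed login attempts "
        "within [60] seconds. Authentication attempt exceeds the failure threshold [20]>")
SAMPLE_LOG = [
    LINE.format(ts="2017-12-04 08:23:41,729", src="10.0.79.19"),
    "2017-12-04 08:24:10,004 INFO [org.example.Constructed] - <unrelated line>",
    LINE.format(ts="2017-12-04 08:25:02,015", src="10.0.79.19"),
    LINE.format(ts="2017-12-04 07:01:00,000", src="10.0.79.20"),  # outside window
]

if __name__ == "__main__":
    code, message = nagios_check(SAMPLE_LOG, now=datetime(2017, 12, 4, 8, 30))
    print(message)
    raise SystemExit(code)
```

The quoted line carries only the source address, so behind a load balancer the per-source breakdown distinguishes balancer addresses and not accounts.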

 
