add the ability to audit login failures/successes for logging in to the web interface
From CW#7590390:
Would like to be able to audit when users log in to ScreenConnect instance, including failures. Would also like to be able to receive email notifications when failed login attempts occur on site.
Hello
When someone logs on to the web interface, I'd like to log it and send it to a syslog (more specifically Elastic Stack) to not only keep logs but to meet certain compliance requirements.
We have ScreenConnect (or ConnectWise) installed on Windows on prem.
Where are these audit logs located?
Thank you
Please add this feature that can log user login history for audit and investigation.
Hey there! Cody is correct, the next plan for the security events is to make them reportable (will be available soon). We will then work on adding security events to our Triggers, which is slated for later in Q3.
Will login attempts be sent to SYSLOG? I'm sure that is what everyone is waiting for.
Hi Luke,
Once security events are triggerable, we'll be able to update the Syslog Ext.
Can this audit FAILED logins only? I see LOGIN attempt but I need to sift through them all to find if any failed. If this is possible, is there a way to create a trigger to email us on failed login attempts?
Event.EventType = 'LoginAttempt' AND Event.OperationResult = 'PasswordInvalid'
Thanks, I did find a video on this later in the evening. Is there some way to allow this to report back even if the username is not valid? Anyone trying to get in brute force is more than likely NOT going to know our username.
I tried to use this event but it does not work: Event.EventType = 'PasswordInvalid'
What about logging the real, source IP? CC only logs the reverse proxy's IP address even though my reverse proxies (I tested a couple of different ones) are sending the source IP in the headers (i.e. x-forward-for, real-ip, etc). Not very effective if you can't audit the source IP. Many customers put CC behind a WAF or rproxy.
Partner stated that he would like an email notification when there is a successful or failed login.