Hello, When the Throttle Logging gets tripped I get the following log message. 2017-12-04 08:23:41,729 WARN [org.apereo.cas.web.support.AbstractThrottledSubmissionHandlerInterceptorAdapter] - <Throttling submission from [10.0.79.19]. More than [20] failed login attempts within [60] seconds. Authentication attempt exceeds the failure threshold [20]>
I’m throttling based on username, our cas nodes are behind a loadbalancer, so the ip address isn’t of use. I’ve configured our Nagios install to scrape the logs for this string to create an alert, so we can see how often our cas system is getting hit with some type of Brute Force attack. I would like to know which accounts are being used for these attacks. How do I configure cas or log4j to write the a the account being throttled to the either the cas.log or cas_audit.log? Erik Mallory Server Analyst Wichita State University 316.978.3502 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8B8BA323-F395-45C1-AB4A-3E6FEA088C5F%40wichita.edu.
