This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OnBase log for Invalid Logins?

Go to answer
Thomas_Reu
Elite Collaborator
Elite Collaborator

‎01-22-2024 02:15 PM

The securitylog is pretty good in that a valid username that fails to login will be recorded.

e.g. a message text for the user will be entered in the table = "User XXX entered invalid password for Core Services"

 or if locked then messagetext = "Locked-out user XXX attempted to log on to Core Services"

 

Both of these messages revolve around a valid username.

If someone uses an invalid username - nothing will end up in this table;  which is logical - that's why the table has a usernum in it.  

 

So....  

Is there a different table that records invalid attempts where the username doesn't exist?

If so, would someone please provide it?

If not, would this potentially be useful or is it overkill? 

 

Regards,

Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
Mike_Walkuski
Employee
Employee

‎01-23-2024 04:53 AM

Hello @Tom ,

 

You should also see entries in the securitylog for invalid users as well. Something similar to the following should be logged when a user that doesn't exist tries to login.

 

c7a304d418b04f2a9c650f15261c9769

 

Are you not seeing these messages? If not, what client are you trying to log in to?

View answer in original post

3 REPLIES 3

Go to answer
Mike_Walkuski
Employee
Employee

‎01-23-2024 04:53 AM

Hello @Tom ,

 

You should also see entries in the securitylog for invalid users as well. Something similar to the following should be logged when a user that doesn't exist tries to login.

 

c7a304d418b04f2a9c650f15261c9769

 

Are you not seeing these messages? If not, what client are you trying to log in to?

Go to answer
Thomas_Reu
Elite Collaborator
Elite Collaborator
In response to Mike_Walkuski

‎01-23-2024 07:27 AM

Thanks Mike I see it now.  I had other logins that were pushing it out of the query, since I used a select top and ordered by logdate desc.  I was using the Unity client, so I see what you are seeing above.

 

Interestingly enough, and I'm not sure I should even put this in here, so if you all want to take administrative  control and delete the following I understand. 

 

If you use the thick client the invalid username is stored in the messagetext field.   e.g. "Invalid user WHATEVER attempted to log on to the Client module ".  Note: this seems like a good idea, unless your client has a tendency to put the password in the username field.  In which case, the password gets stored in open text within the messagetext field, albeit all in caps.

0 Kudos

Go to answer
Mike_Walkuski
Employee
Employee
In response to Thomas_Reu

‎01-23-2024 08:36 AM

Great to hear!

 

I would suggest sending in a Feedback form requesting the same info from Thick be included with Core clients. It very well may be for the reason you stated that we do not, but your submission will spark internal discussion around the topic.

 

https://community.hyland.com/feedback

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC