Does anyone know how to get Allmon3 to log 401 unauthorized attempts to the log? This would be to enable fail2ban to block the IP of the offender after numerous attempts to brute force the login. Already have Crowdsec running banning IPs automatically in conjunction with fail2ban and UFW, but still seeing in the logs over 100+ attempts daily coming from other countries trying to brute force the VM running Allmon3.
Allmon3 (the web monitoring interface) does not log HTTP 401 messages. What are you trying to accomplish - brute-forcing the Allmon3 login modal? Or something else?
But you're talking specifically about the Allmon3 login modal, correct? Since the webserver itself is not controlling access, it will not throw an HTTP 401 or 403. What I would suggest is, if you're using fail2ban, trigger on some M attempts at requesting GET /allmon3/master/auth/check over N seconds and, if it is hit, block that IP. That full URI path is only used for handling the login.
Yes, this is specifically regarding the Allmon3 login modal. I’ll give what you suggested a try and report back my findings. Ultimately, looking for a way to ban an IP address for a set period of time for ‘x’ number of failed attempts to authenticate via the login for Allmon3.
Not to the log unless you specify the file but...
You can specify in .htaccess and create your own log of any error code you specify.
Log the IP if you wish. Redirect the hit. etc.
Google is your friend. I don't have a quick example to share handy.
But I have done this many times in the past.
This will not do anything. Allmon3 is not protected by the webserver's HTTP protocol stack and thus there will never be an HTTP 401 error generated. Ever.
Allmon3 does not use PHP, nor will Allmon3 throw an HTTP status code for a failed login. The method I suggested above is the best way to deal with this if you want to use on-system logging.
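One way to set up the rate-based trigger suggested in the thread (M requests to GET /allmon3/master/auth/check within N seconds), as an added example that is not from any poster or from the Allmon3 project. The jail/filter name `allmon3-login`, the Apache access log path, the combined log format, and the numeric values are assumptions to adjust for your system.

```ini
# ---- File: /etc/fail2ban/filter.d/allmon3-login.conf (name is an assumption) ----
[Definition]
# Matches any request to the login-handling URI named in the thread.
# Assumes the web server writes common/combined format access log lines.
# The bracket group tolerates fail2ban stripping the timestamp before matching.
failregex = ^<HOST> \S+ \S+ \[[^\]]*\] "GET /allmon3/master/auth/check(?:\?\S*)? HTTP/\S+"
ignoreregex =

# ---- File: /etc/fail2ban/jail.d/allmon3-login.local (name is an assumption) ----
[allmon3-login]
enabled  = true
filter   = allmon3-login
port     = http,https
# Assumed location of the web server access log serving Allmon3.
logpath  = /var/log/apache2/access.log
# M in the thread: requests to the login URI before a ban (example value).
maxretry = 5
# N in the thread: window in seconds in which the M requests must occur (example value).
findtime = 60
# Ban duration in seconds (example value).
bantime  = 3600
# Never ban the local host; add your own management addresses here.
ignoreip = 127.0.0.1/8 ::1
```

Because a failed login produces no distinct HTTP status, this filter counts every request to the login URI, successful or not, so keep `maxretry` above what a legitimate user would generate. Check the pattern against your real log with `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/allmon3-login.conf` before enabling the jail.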