Summary
Authentication failures currently lack a stable, machine-parseable log line that includes the source IP.
Motivation
Operators using fail2ban need a consistent auth failure pattern that exposes <HOST> directly in each failed attempt record.
Proposal
Emit a dedicated warning log entry for authentication failures, including:
remote_ipremote_addrusername (when available)- auth
method
- structured
reason (for example invalid_credentials)
Example:
[WARN] socks: auth_failed remote_ip=203.0.113.10 remote_addr="203.0.113.10:53742" username="admin" method=2 reason=invalid_credentials
Acceptance Criteria
- Failed login attempts produce an
auth_failed log line with remote_ip in every case where remote address is known.
- Invalid credentials include
username and reason=invalid_credentials.
- A regression test verifies this log format for an invalid username/password attempt.
Summary
Authentication failures currently lack a stable, machine-parseable log line that includes the source IP.
Motivation
Operators using fail2ban need a consistent auth failure pattern that exposes
<HOST>directly in each failed attempt record.Proposal
Emit a dedicated warning log entry for authentication failures, including:
remote_ipremote_addrusername(when available)methodreason(for exampleinvalid_credentials)Example:
[WARN] socks: auth_failed remote_ip=203.0.113.10 remote_addr="203.0.113.10:53742" username="admin" method=2 reason=invalid_credentialsAcceptance Criteria
auth_failedlog line withremote_ipin every case where remote address is known.usernameandreason=invalid_credentials.