On Wed, May 29, 2024, 23:19 shifteynz ***@***.***> wrote: We're looking to send our Cacti logs to our SIEM. I'm currently assessing the authentication based logs. We have DEBUG mode enabled. I've noticed that: - For successful logins, there is no IP address associated with the user authenticating. Example: "AUTH LOGIN: User 'username' Authenticated via Authentication Cookie" or "AUTH LOGIN: User 'Username' authenticated" - For failed logins, the username and IP address are contained within the same event: "AUTH LOGIN FAILED: Local Login Failed for user 'username' from IP Address '1.2.3.4'" Feature Request: 1. Can successful login events contain the same information as a failed login event? (Username and IP Address of user) 2. Can the logging format for failed and successful logins be consistent, with the field and values in the same order for both event types? — Reply to this email directly, view it on GitHub <#5761>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADGEXTFSJNJ6VKZKGGZ667TZE2LERAVCNFSM6AAAAABIQCUKBGVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMZDINRRGA3DONQ> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>