How to find out failed login attempts


Platform notice: Server and Data Center only - This article only applies to Atlassian products on the Server and Data Center platforms.

Summary

With the audit log enhancements made in Bitbucket 7.0, the steps for this process will differ depending on your version of Bitbucket.

The steps to review failed login attempts for each version are as follows:

Versions before Bitbucket 7.0

To identify failed login attempts, audit log events must be enabled in Bitbucket. In bitbucket.properties, set audit.highest.priority.to.log=MEDIUM. A restart is required so that Bitbucket Server initializes this property.

Please note the below information on this property:


Event: AuthenticationFailureEvent
Description: Occurs whenever a user fails to authenticate. Note that this can occur frequently in Bitbucket Server whenever a command line CLI is used, as the initial URL provided to Bitbucket Server contains a username but no password, which is rejected by Crowd.
Priority: High


The Audit logs are kept under the $BITBUCKET_HOME/log/audit directory.

Bitbucket 7.0+

Failed login attempts are recorded by default, and are captured as long as authentication audit events are captured at an 'Advanced' detail level or higher.

To review authentication events, you can either review the Authentication category ("/plugins/servlet/audit/?categories=Authentication") page in your Bitbucket instance's audit section, or you can review the logs themselves on the server in the $BITBUCKET_HOME/log/audit directory.

Log Examples

Versions before Bitbucket 7.0

audit/atlassian-bitbucket-audit.log


# These are the events recorded for a failed authentication in the following conditions:
## http clone
0:0:0:0:0:0:0:1 | AuthenticationFailureEvent | admin | 1408523251985 | admin | {"authentication-method":"basic","error":"Invalid username or password."} | @DX16Wx987x199x0 | -


## login via the user interface (note the "form" value as authentication-method)
0:0:0:0:0:0:0:1 | AuthenticationFailureEvent | admin | 1552975040486 | admin | {"authentication-method":"form","error":"Invalid username or password."} | @2750WEx1017x76x0 | -

atlassian-bitbucket-access.log

Taking the first example from above, look up its request ID, DX16Wx987x199x0, in the access log:

0:0:0:0:0:0:0:1 | http | i@DX16Wx987x199x0 | - | 2014-08-20 16:27:31,972 | "POST /rest/api/1.0/projects/WORK/repos/my-repo/commits/ HTTP/1.1" | "" "curl/7.30.0" | - | - | - | 

Bitbucket 7.0+

audit/YYYYMMDD.#####.audit.log

# These are the events recorded for a failed authentication in the following conditions:
## http clone
{"affectedObjects":[],"auditType":{"action":"User login failed","actionI18nKey":"bitbucket.service.user.audit.action.authenticationfailure","area":"SECURITY","category":"Authentication","categoryI18nKey":"bitbucket.service.audit.category.authentication","level":"ADVANCED"},"author":{"id":"-2","name":"Anonymous","type":"user"},"changedValues":[],"extraAttributes":[{"name":"Error","nameI18nKey":"bitbucket.service.user.audit.attribute.authenticationfailure.error","value":"Invalid username or password."},{"name":"Load balancer/proxy IP address","nameI18nKey":"atlassian.audit.event.attribute.forwarder","value":"192.168.5.2"},{"name":"target","nameI18nKey":"bitbucket.audit.attribute.legacy.target","value":"invalid_user"},{"name":"Authentication method","nameI18nKey":"bitbucket.service.user.audit.attribute.authentication.authmethod","value":"basic"}],"method":"Browser","node":"f8449858-2506-4724-a0ae-d587234dce15","source":"192.168.5.51","system":"https://examplebitbucket.com","timestamp":{"epochSecond":1605572664,"nano":56000000},"version":"1.0"}

## login via the user interface (note the "form" value as authentication.authmethod)
{"affectedObjects":[],"auditType":{"action":"User login failed","actionI18nKey":"bitbucket.service.user.audit.action.authenticationfailure","area":"SECURITY","category":"Authentication","categoryI18nKey":"bitbucket.service.audit.category.authentication","level":"ADVANCED"},"author":{"id":"-2","name":"Anonymous","type":"user"},"changedValues":[],"extraAttributes":[{"name":"Error","nameI18nKey":"bitbucket.service.user.audit.attribute.authenticationfailure.error","value":"Invalid username or password."},{"name":"Load balancer/proxy IP address","nameI18nKey":"atlassian.audit.event.attribute.forwarder","value":"192.168.5.2"},{"name":"Authentication method","nameI18nKey":"bitbucket.service.user.audit.attribute.authentication.authmethod","value":"form"},{"name":"target","nameI18nKey":"bitbucket.audit.attribute.legacy.target","value":"invalid_user"}],"method":"Browser","node":"f8449858-2506-4724-a0ae-d587234dce15","source":"192.168.5.1","system":"https://examplebitbucket.com","timestamp":{"epochSecond":1605572121,"nano":449000000},"version":"1.0"}
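
Added example (not part of the original Atlassian article): a Python parser that reads both audit log formats shown above and tallies failed logins per source address and attempted username. Field positions for the pre-7.0 format are taken from the sample line, treating its fifth field as the attempted username is an assumption, and the 7.0+ sample records are constructed by trimming the page's lines to the fields used.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# nameI18nKey values copied from the 7.0+ sample records on this page
FAIL_KEY = "bitbucket.service.user.audit.action.authenticationfailure"
TARGET_KEY = "bitbucket.audit.attribute.legacy.target"
METHOD_KEY = "bitbucket.service.user.audit.attribute.authentication.authmethod"

def _iso(epoch_seconds):
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc).isoformat()

def parse_failed_logins(lines):
    """Return one dict per failed login found in either audit log format."""
    events = []
    for raw in lines:
        line = raw.strip()
        try:
            if line.startswith("{"):  # 7.0+: one JSON object per line
                rec = json.loads(line)
                if rec["auditType"]["actionI18nKey"] != FAIL_KEY:
                    continue
                attrs = {a["nameI18nKey"]: a["value"] for a in rec["extraAttributes"]}
                events.append({"source": rec["source"], "user": attrs.get(TARGET_KEY),
                               "method": attrs.get(METHOD_KEY),
                               "time": _iso(rec["timestamp"]["epochSecond"])})
            elif " | AuthenticationFailureEvent | " in line:  # pre-7.0: pipe-delimited
                parts = [p.strip() for p in line.split(" | ")]
                details = json.loads(parts[5])
                # Assumption: the 5th field is the attempted username
                events.append({"source": parts[0], "user": parts[4],
                               "method": details.get("authentication-method"),
                               "time": _iso(int(parts[3]) // 1000)})  # ms -> s
        except (ValueError, KeyError, IndexError, TypeError, AttributeError):
            continue  # skip truncated or malformed lines
    return events

def failures_by_source_and_user(events):
    return Counter((e["source"], e["user"]) for e in events)

# Constructed sample: the page's pre-7.0 line, plus its 7.0+ records trimmed to the fields used
SAMPLE = [
    '0:0:0:0:0:0:0:1 | AuthenticationFailureEvent | admin | 1408523251985 | admin | {"authentication-method":"basic","error":"Invalid username or password."} | @DX16Wx987x199x0 | -',
    '{"auditType":{"actionI18nKey":"bitbucket.service.user.audit.action.authenticationfailure"},"extraAttributes":[{"nameI18nKey":"bitbucket.audit.attribute.legacy.target","value":"invalid_user"},{"nameI18nKey":"bitbucket.service.user.audit.attribute.authentication.authmethod","value":"basic"}],"source":"192.168.5.51","timestamp":{"epochSecond":1605572664,"nano":56000000}}',
    '{"auditType":{"actionI18nKey":"bitbucket.service.user.audit.action.authenticationfailure"},"extraAttributes":[{"nameI18nKey":"bitbucket.service.user.audit.attribute.authentication.authmethod","value":"form"},{"nameI18nKey":"bitbucket.audit.attribute.legacy.target","value":"invalid_user"}],"source":"192.168.5.1","timestamp":{"epochSecond":1605572121,"nano":449000000}}',
]

if __name__ == "__main__":
    for key, count in failures_by_source_and_user(parse_failed_logins(SAMPLE)).most_common():
        print(key, count)
```

When reading the tallies, keep in mind the note above that command line clients routinely trigger this event by sending a username with no password, so a steady low count of "basic" failures per user is expected background.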

If you're having issues with CAPTCHA, please refer to:

Last modified on Nov 17, 2020
