要約

There may be instances in which it can be helpful to understand where a specific user is attempting to login from.  For example, if a service account is running multiple processes on different machines and that account's password changes it may be necessary to track down which processes still have the old password.  Automated processes attempting to use an old password may lock out the user account.  

環境

Jira 8.20 以降

ソリューション

Within the atlassian-jira-security.log file, we can observe login attempts such as what is seen below:

2023-03-14 18:42:45,648+0000 http-nio-8080-exec-116 url: /rest/api/latest/myself anonymous 1122x72341024x9 - xxx.xx.xxx.xx,127.0.0.1 /rest/api/latest/myself The user '<username>' is required to answer a CAPTCHA elevated security check.  Failure count equals 11

In the case above the login is already failing and the user is being presented with a captcha challenge.  This may prevent APIs from functioning for example since they are unable to complete captcha challenges.  

The xxx.xx.xxx.xx will be the IP address for the machine that is sending the request to the Jira server. 

• If there is no reverse proxy, the IP address should be that of the machine that is running the API or sending the request. 
• If there is a reverse proxy, the IP address may be that of the proxy server if the X-Forwarded-For header is not implemented at the proxy level.  If X-Forwarded-For is not implemented, then the proxy access logs may need to be reviewed to determine the original IP address of the request.