{"id":20491707,"url":"https://github.com/dalibo/pg_log_authfail","last_synced_at":"2025-04-13T16:55:19.712Z","repository":{"id":11116754,"uuid":"13474609","full_name":"dalibo/pg_log_authfail","owner":"dalibo","description":null,"archived":false,"fork":false,"pushed_at":"2016-10-06T17:03:23.000Z","size":24,"stargazers_count":16,"open_issues_count":2,"forks_count":2,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-03-27T07:51:32.679Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"akheron/jansson","license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dalibo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-10-10T15:03:08.000Z","updated_at":"2020-12-24T14:50:51.000Z","dependencies_parsed_at":"2022-09-10T16:41:49.139Z","dependency_job_id":null,"html_url":"https://github.com/dalibo/pg_log_authfail","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fpg_log_authfail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fpg_log_authfail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fpg_log_authfail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalibo%2Fpg_log_authfail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dalibo","download_url":"https://codeload.github.com/dalibo/pg_log_authfail/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248750011,"owners_count":21155682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T17:25:38.794Z","updated_at":"2025-04-13T16:55:19.655Z","avatar_url":"https://github.com/dalibo.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"pg_log_authfail\n===============\n\n\npg_log_authfail is a PostgreSQL module that logs each failed connection attempt\nin a fixed format and in a potentially specific file.\n\n**It requires PostgreSQL 9.1 or above.**\n\nThe output format looks like :\n\n    Failed authentication from X.X.X.X on port Y\n\nPreceded or not by the log_line_prefix format.\n\nThe main goal of this tool is to handle those logs with an external tool such\nas fail2ban or Splunk, without performance issue.\n\n\nInstallation\n============\n\n- Compatible with PostgreSQL 9.1 and above\n- Needs PostgreSQL header files\n- decompress the tarball\n- sudo make install\n\nConfiguration\n=============\n\nHere are some configuration examples in order to configure PostgreSQL and\nfail2ban.\n\nSyslog destination is used in order to redirect logs in a separate logfile,\nfor performance issue and to keep as much liberty as possible in regular\nPostgreSQL logs.\n\nIf multiple clusters are located on the server, the same output file can be\nused, as the port is specified. Depending on fail2ban configuration, each\ncluster can be blocked separately or all at the same time.\n\n**postgresql.conf**\n-------------------\n\n    shared_preload_library = 'pg_log_authfail'\n    pg_log_authfail.log_destination = syslog\n    pg_log_authfail.syslog_ident = pgsql\n    pg_log_authfail.use_log_line_prefix = false\n    pg_log_authfail.log_success = false\n    pg_log_authfail.log_aborted = false\n\n\n**syslog.conf**\n---------------\n\n    if $programname == 'pgsql' then        -/var/log/postgresql/pg_authfail.log\n\n\n**fail2ban/jail.conf**\n----------------------\n\n    ...\n    [pgsql]\n\n    enabled  = true\n    port     = 5432\n    filter   = postgresql\n    logpath  = /var/log/postgresql/pg_authfail.log\n    maxretry = 5\n\nNOTE: If you want to block all instances at the same time, you have to specify\nevery ports on the **port** parameter, comma separated, ie. port = 5432,5433...\n\nNOTE: If you don't specify the **sslmode** on your connection string, your\nclient should fail twice (with and without ssl) if the PostgreSQL server is\nconfigured to use ssl. Therefore, two failed attempts will be logged.\n\n\nThe included example/pg.conf file show a simple filter for pg_log_authfail\noutput. It should be copied in the /etc/fail2ban.conf/filter.d directory.\n\n\nNOTE: if you want to manage each PostgreSQL cluster separately, you have to:\n\n  - duplicate and rename this file for each cluster\n  - specify the port in the regexp, as indicated in the example file\n  - duplicate entries in the jail.conf file, with a different name (ie.\n    [pgsql5434]) matching the duplicate pg.conf file for filter.\n\nFinally, reload your fail2ban daemon and you're done.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalibo%2Fpg_log_authfail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdalibo%2Fpg_log_authfail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalibo%2Fpg_log_authfail/lists"}