Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to find IP of failed login attempts

We have a self hosted JIRA install. On the admin page I noticed failed login attempts for a user who's left the company and had his account disabled:

Last Failed Login: Today 6:05 PM
Current Failed Login Count: 8
Total Failed Login Count: 11

How I can I see what IP these attempts came from? 

I read this question: https://answers.atlassian.com/questions/203776

And it said: 

You can view the information from the user sessions under the Security on the JIRA Administration page.

From there you are able to tell who is trying to establish the session and which session is still active. Failed session will have no session ID and no user, but it will track which ip is the request from.

When I went there I saw a session that had a session ID, and under user it said 'Not available' But there were no entries with no session ID. 

1 answer

3 votes

Hey Larry,

Go to JIRA_HOME/log/atlassian-jira-security.log and search for the text

The user '<insert username here>' has FAILED authentication

That should give you the IP address

Jeff Turner Community Leader Jul 19, 2019

A small perl script that extracts failing usernames and IPs from atlassian-jira-security.log:

cat $JIRA_HOME/atlassian-jira-security.log | perl -lane "print \$1 . ' ' . \$F[6] if (/The user '([^']+)' has FAILED authentication/)"
jsmith 10.1.1.104
jsmith 10.1.1.104
testsvc 10.1.1.102
...

To get the top failing username/IPs:

cat $JIRA_HOME/atlassian-jira-security.log | perl -lane "print \$1 . ' ' . \$F[6] if (/The user '([^']+)' has FAILED authentication/)"| sort | uniq -c | sort -nr | head

4546 jsmith 10.1.1.104
4332 seportal 10.1.1.99
148 testsvc 10.1.1.102
...
Like Maxim Kuznetsov likes this

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

196 views 6 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you