Many thanks for the feedback and interesting to hear this is performing as designed. Is there any reason why the system is keeping the failed logins for longer than successful logins? Is there really any need to show the last 20 successful and 20 failed logins independently? It's fantastic that we can see a summary of all logins, but from a personal view point, being able to see the last 20 logins (whether successful or not) is more than enough. If someone was serious about monitoring failures then more than likely an SNMP trap would have been configured to show this failure alert on a monitoring platform vs. on the Astaro WebAdmin page.
Is there any reason why the system is keeping the failed logins for longer than successful logins?
Oh, if you have many more failed than successful logins, the successful ones will be kept longer. [;)]
If i understand correctly, we have always shown the last 25 failed logins.
The official specification by the Product Management Department was to show the last 20 successful logins. There was no specification regarding failed logins. So i think not changing the behaviour with respect to failed logins agrees with the principle of least surprise: People are probably used to seeing the last 25 failed logins.
Is there really any need to show the last 20 successful and 20 failed logins independently?
It's fantastic that we can see a summary of all logins, but from a personal view point, being able to see the last 20 logins (whether successful or not) is more than enough.
Um, well, perhaps.
Good to hear this display shows enough information for your purposes. :-)
On the other hand, if we would count successful and unsuccessful logins together, people could abuse one type to scroll the other type off the screen. That would somehow be half of a denial of service attack. OK, it's not really serious, you can always look at the real logs.
Still, it does look somewhat sane to count and handle different things independently, such that you are sure to always have information about both of them.
If someone was serious about monitoring failures then more than likely an SNMP trap would have been configured to show this failure alert on a monitoring platform vs. on the Astaro WebAdmin page.
No doubt.
The userlog on the Management menu is intended just for convenience, not for serious auditing.
Is there any reason why the system is keeping the failed logins for longer than successful logins?
Oh, if you have many more failed than successful logins, the successful ones will be kept longer. [;)]
If i understand correctly, we have always shown the last 25 failed logins.
The official specification by the Product Management Department was to show the last 20 successful logins. There was no specification regarding failed logins. So i think not changing the behaviour with respect to failed logins agrees with the principle of least surprise: People are probably used to seeing the last 25 failed logins.
Is there really any need to show the last 20 successful and 20 failed logins independently?
It's fantastic that we can see a summary of all logins, but from a personal view point, being able to see the last 20 logins (whether successful or not) is more than enough.
Um, well, perhaps.
Good to hear this display shows enough information for your purposes. :-)
On the other hand, if we would count successful and unsuccessful logins together, people could abuse one type to scroll the other type off the screen. That would somehow be half of a denial of service attack. OK, it's not really serious, you can always look at the real logs.
Still, it does look somewhat sane to count and handle different things independently, such that you are sure to always have information about both of them.
If someone was serious about monitoring failures then more than likely an SNMP trap would have been configured to show this failure alert on a monitoring platform vs. on the Astaro WebAdmin page.
No doubt.
The userlog on the Management menu is intended just for convenience, not for serious auditing.
