Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

WHD Invalid login attempts

Strange issue. We have logins setup for tech/client. One is @emailaddress and the other is f.lastname - I came into work to a notification that my account had been locked out due to 10+ invalid login attempts. This (to my knowledge) was not done by me. There were updates that were being run on desktop and server over the weekend, not sure if there is correlation there.

Question is, is there a log file or a way to view who/where the login attempts were coming from? IP/MAC/Hostname/etc. Is there a log file that has this information and what should I be searching for?

Find more posts tagged with

helpdesk

whd

Accepted answers

All comments

percyplant

have a look in the session-log.txt log file on your server in c:\program files\WebHelpDesk\log

bmihlfried

Looking inside that folder I find files listed as whd-session.<date>.log

The failed login message in WHD, was sent on the 17th. Looking for that log, it only has one listed as whd-session.log (missing the date).

Inside that file I find a few lines involving notifications of session timeouts, and logins, but I do not see anywhere that lists IP addresses of failed attempts. It also shows for some techs active session counts ranging from 3-5.

j_a_catlin

It used to be info and warn level log entries in older versions of WHD, and even then it didn't have the IP address that it came from. It looks like login failures still go there, but I had to drop Web Help Desk Authentication (whd.helpdesk.com.macsdesign.whd.auth) to a debug level to get the info. It ends up in whd.log in the end at that level of logging for that one section. @amirb it may be worth getting login failures with IP address at a higher level in the logging than this so monitoring of a log file wouldn't need debug level logging for auth problems of failed logins.