Login security logs

Hi, a couple of questions regarding login security.

1-where can I check user logins and failures??
I’ve been looking into zendphp.log but all I can find are [custom_username] entries in schedule/add-show arrays.

2-brute force login protection
Is there something similar to fail2ban we can use to protect LT logins?? can we enable the apache jail in fail2ban here?
or is there smtg else useful in this regard??

thanks for any hints!

Bump. I’d like to check WebUI logins and failures too.

Also connections for streaming both Mastersource and Showsource. I see there is a Github issue for this one: https://github.com/LibreTime/libretime/issues/999

I’m willing to cobble something into the LoginController.php file for the WebUI login logging, but where should this be stored (syslog?) and what function call does the logging?

–Bob.

I too would like to secure my LibreTime server with fail2ban.
I don’t see that failed logins are logged anywhere.
For fail2ban, it’s best to put it in a generally small log file. Syslog would be too big and drag down performance. It just needs to be logged in plain text.

Please advise.