[Solved] logging auth to a separate file

Added by yurylankovskiy over 6 years ago

I have searched through the forum, and made experiments with lighttpd configuration. It looks as if login attempts from basic/digest authentication are logged to the lighttpd error file and are only visible when auth.debug mode is set to verbose (2).

I would like to have login attempts logged to a separate file, and with some useful information like client browser, IP, MAC etc.

Thank you


Replies (12)

RE: logging auth to a separate file - Added by gstrauss over 6 years ago

401 Unauthorized will be in your access log (if you have that enabled) when someone fails to log in.
What are you attempting to log? For successful logins, you can add a custom log format to access log to log the request environment variable REMOTE_USER with each request.

I would like to have login attempts logged to a separate file, and with some useful information like client browser, ip, mac etc.

If you want to log every single request, then log the Authorization request header with every request, along with any other info you desire in your access log. See Docs_ModAccessLog.

RE: [Solved] logging auth to a separate file - Added by yurylankovskiy over 6 years ago

Looks like I must catch the header and write to a file I specify like so...

if ($REQUEST_HEADER['Authorization']) {
// specify filename for accesslog.filename
}

RE: [Solved] logging auth to a separate file - Added by yurylankovskiy over 6 years ago

While I have been waiting for the official 1.4.46 release, I have downloaded the latest code from the git repository and begun testing with $REQUEST_HEADER in the configuration file.

However, I get the following error for the REQUEST_HEADER command

$REQUEST_HEADER["Authorization"] == "test" {

}

Error :

(configfile.c 1037) invalid character in condition
(configfile.c 1141) configfile parser failed at REQUEST

I know that the example of my code above will not lead to any solution discussed in the original question, but the fact that the REQUEST_HEADER command is not recognized by itself is an issue that must be understood first.

Thank you

RE: [Solved] logging auth to a separate file - Added by gstrauss over 6 years ago

Hmmm. Thanks for reporting that. The tag was originally named and tested as something else.

--- a/src/configfile.c
+++ b/src/configfile.c
@@ -1024,7 +1024,7 @@ static int config_tokenizer(server *srv, tokenizer_t *t, int *token_id, buffer *
                        if (t->in_cond) {
                                for (i = 0; t->input[t->offset + i] &&
                                     (isalpha((unsigned char)t->input[t->offset + i])
-                                     ); i++);
+                                     || t->input[t->offset + i] == '_'); ++i);

                                if (i && t->input[t->offset + i]) {
                                        tid = TK_SRVVARNAME;
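
Review bot: the added test || t->input[t->offset + i] == '_' applies at every position, including i = 0, so a name that starts with or consists only of underscores now satisfies if (i && t->input[t->offset + i]) and is tokenized as TK_SRVVARNAME; consider requiring isalpha() for the first character and accepting '_' only after it. The loop still ends in an empty body (++i);) directly above that if, which is easy to misread, so an explicit {} body or a short comment would help, and the i++ to ++i change is unrelated to the fix. A config parser test using a condition on $REQUEST_HEADER["Authorization"], as in the report above, would keep this from regressing.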

I'll look further tomorrow to verify that this is the right fix.

RE: [Solved] logging auth to a separate file - Added by yurylankovskiy over 6 years ago

Is there a possibility I will be able to test the fix? I have checked the git repository and it looks like the fix has not been pushed.

Thank you

RE: [Solved] logging auth to a separate file - Added by gstrauss over 6 years ago

Not pushed yet. I have not had a chance to do additional testing. I will hopefully have a chance before tomorrow.

RE: [Solved] logging auth to a separate file - Added by yurylankovskiy over 6 years ago

Thank you, will test it out!

RE: [Solved] logging auth to a separate file - Added by yurylankovskiy over 6 years ago

Tested, working.

Thank you

P.S: any news on the release date for 1.4.46?

RE: [Solved] logging auth to a separate file - Added by gstrauss about 6 years ago

@yurylankovskiy, please do not cross-post to very old forum posts (https://redmine.lighttpd.net/boards/2/topics/5462)

Sorry to bring up an old thread, but have you figured out how to log meaningful information for authentication attempts?

because it is already asked and answered here, in the same question that you asked here 7 months ago. Log the Authentication header.

RE: [Solved] logging auth to a separate file - Added by yurylankovskiy about 6 years ago

Okay, sorry ... let me bring up the old topic here

Firstly, regarding catching login requests, I must check for the authorization header and nc counter; however, this DOES NOT work in all browsers because some of them always send nc=000001 and I have no way of finding whether this was a login request or just a regular page load.

Secondly, I should have specified more clearly in the other thread that my interest right now is SYSLOG, and how am I supposed to distinguish login requests in the messages there?!

RE: [Solved] logging auth to a separate file - Added by gstrauss about 6 years ago

Whether you send logs to a file or to syslog should not make a difference. You probably have unstated and likely incorrect assumptions about how HTTP request/response works, or how HTTP Digest authentication works. Check the RFCs. I do not think that your issue has anything to do with whether you use lighttpd or another web server.

If you need to control the authentication process to the degree that you think you do, and are unable to get this information by logging the Authentication request header, the request (e.g. "GET /login"), and the status code of the HTTP response, then I suggest you look into using a custom FastCGI authorizer Docs_FastCGI where you will have full control over the authentication process.
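
Added example (not part of the thread and not lighttpd code): a log classifier that separates the unauthenticated 401 challenge from a rejected login using only the status code and the logged Authorization header, as the replies suggest. It assumes an access-log layout of `%h %u %t "%r" %>s "%{User-Agent}i" "%{Authorization}i"` with inner quotes logged as `\"`; the sample lines are constructed. Because a logged Basic header contains the password, the script keeps only the claimed username.

```python
import base64
import re

# Assumed layout: %h %u %t "%r" %>s "%{User-Agent}i" "%{Authorization}i"
LINE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) "(?P<agent>[^"]*)" "(?P<authz>.*)"$')

def claimed_user(authz):
    """Return only the username from a Basic or Digest header, never the secret."""
    scheme, _, rest = authz.replace('\\"', '"').partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(rest, validate=True)
        except ValueError:          # malformed base64
            return None
        return decoded.decode("utf-8", "replace").partition(":")[0]
    if scheme.lower() == "digest":
        m = re.search(r'\busername="([^"]*)"', rest)
        return m.group(1) if m else None
    return None

def classify(line):
    m = LINE.match(line)
    if not m:
        return None
    status, authz = m["status"], m["authz"]
    if status == "401" and authz in ("", "-"):
        kind = "challenge"        # no credentials sent yet: not a login attempt
    elif status == "401":
        kind = "failed_login"     # credentials rejected (or a stale Digest nonce)
    elif m["user"] != "-":
        kind = "authenticated"
    else:
        kind = "anonymous"
    user = claimed_user(authz) if kind == "failed_login" else None
    return {"kind": kind, "ip": m["ip"], "agent": m["agent"], "claimed_user": user}

def failed_logins(lines):
    events = (classify(l) for l in lines)
    return [(e["ip"], e["claimed_user"], e["agent"])
            for e in events if e and e["kind"] == "failed_login"]

SAMPLE = [  # constructed log lines
    '192.0.2.10 - [12/Oct/2017:10:00:00 +0000] "GET /admin HTTP/1.1" 401 "Mozilla/5.0" "-"',
    '192.0.2.10 - [12/Oct/2017:10:00:05 +0000] "GET /admin HTTP/1.1" 401 "Mozilla/5.0" "Basic YWxpY2U6d3Jvbmc="',
    '192.0.2.10 alice [12/Oct/2017:10:00:09 +0000] "GET /admin HTTP/1.1" 200 "Mozilla/5.0" "Basic YWxpY2U6cmlnaHQ="',
    r'198.51.100.7 - [12/Oct/2017:10:01:00 +0000] "GET /admin HTTP/1.1" 401 "curl/7.55" "Digest username=\"bob\", nc=00000001, response=\"constructed\""',
]
```

The same classification applies whether the lines come from a file or from syslog, since it depends only on the fields logged per request.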