Login error style

Hello everyone,

I’m currently working on failed login tracking in SailPoint IdentityIQ 8.4, and I’m facing an issue capturing the username in the application logs.

I configured Log4j2 with the following loggers:

  • sailpoint.web.UserLoginController (TRACE)

  • sailpoint.server.Authenticator (DEBUG)

  • sailpoint.server.AuditService (TRACE)

The logs are being generated successfully, but for failed login attempts, I only see this message:

No authentication application defined or account not found - attempting to authenticate internally.

The issue is that the username is not included in the log entry, while in Advanced Analytics the failed login appears correctly with user details.

My goal is to have failed login attempts logged in the file with the username included for easier monitoring and SIEM integration.

Has anyone faced this before or knows how to enrich the logs with the username for failed authentications?

Any help would be appreciated.

@IslamElkhouly Try enabling the logger for this class: sailpoint.web.LoginBean

@IslamElkhouly You can try with sailpoint.web.LoginBean. It prints the user name in format: “Entering setAccountId(accountId = spadmin)” but it generates another 160+ lines of code.

You can also try to monitor the spt_audit_event for specific entries. We have done it in one of our projects, where we created a separate view for specific audit events and established a pipeline to move it to Kibana.

Thanks, that works for me.

Thanks, that works for me
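An added example, not part of the thread and not SailPoint code: a Python filter that reduces the sailpoint.web.LoginBean trace output suggested above to one JSON event per Authenticator message, carrying the accountId from the "Entering setAccountId(accountId = ...)" line. The line layout (`%d{ISO8601} %5p %t %c{4}:%L - %m`), the correlation by thread name, and the sample lines are assumptions made for this example.

```python
import json
import re

# Assumed layout "%d{ISO8601} %5p %t %c{4}:%L - %m"; adapt LINE_RE to your appender pattern.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"(?P<thread>\S+)\s+(?P<logger>[\w.]+):\d+\s+-\s+(?P<msg>.*)$"
)
# Message format quoted in the reply: Entering setAccountId(accountId = spadmin)
ACCOUNT_RE = re.compile(r"Entering setAccountId\(accountId = (?P<user>[^)]*)\)")
# Tail of the Authenticator message quoted in the question.
INTERNAL_AUTH = "attempting to authenticate internally"

def sanitize(value):
    """Drop non-printable characters: the username is chosen by whoever submits the form."""
    return "".join(ch for ch in value if ch.isprintable())[:256]

def correlate(lines):
    """Yield one dict per Authenticator message with the accountId last seen on that thread."""
    last_user = {}  # thread name -> accountId (assumes both lines come from the same request thread)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # continuation line or a different layout
        acct = ACCOUNT_RE.search(m["msg"])
        if acct and m["logger"].endswith("LoginBean"):
            last_user[m["thread"]] = sanitize(acct["user"])
        elif INTERNAL_AUTH in m["msg"]:
            yield {"timestamp": m["ts"], "thread": m["thread"],
                   "username": last_user.pop(m["thread"], None),
                   "message": m["msg"]}

# Constructed sample lines (two interleaved request threads), not real IdentityIQ output.
SAMPLE = """\
2025-01-15T10:22:31,104 TRACE http-nio-8080-exec-3 sailpoint.web.LoginBean:1 - Entering setAccountId(accountId = spadmin)
2025-01-15T10:22:31,105 TRACE http-nio-8080-exec-7 sailpoint.web.LoginBean:1 - Entering setAccountId(accountId = jdoe)
2025-01-15T10:22:31,230 DEBUG http-nio-8080-exec-7 sailpoint.server.Authenticator:1 - No authentication application defined or account not found - attempting to authenticate internally.
2025-01-15T10:22:31,377 DEBUG http-nio-8080-exec-3 sailpoint.server.Authenticator:1 - No authentication application defined or account not found - attempting to authenticate internally.
""".splitlines()

if __name__ == "__main__":
    for event in correlate(SAMPLE):
        print(json.dumps(event))  # one line per event, ready for a log shipper
```

Events whose `username` is null had no preceding setAccountId line on that thread, which usually means the thread-correlation assumption does not hold for that request.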