Does IP generate log-files?

At the moment I’m using IP 1.5.3.
Is there some log-file ? I’m testing invoice-plane with a server accessible from the Internet. Already some people try access the server although nobody knows the FQDN except the testers. I would like to use something like fail2ban to block brute-force attacks but that needs some log-file which contains the failed attempts, with its ip-addresses. I tried the apache-logs, but there everything seems OK, just access-entries, no errors from failed log-ins.
In ipconfig.php there is a setting “ENABLE_DEBUG” which seems to “enable advanced logging”. Where does that logging go to ? Is there other logging than “advanced logging” ?


It seems you didn’t followed the instructions on the top of ths page to read the wiki and the FAQ. The FIRST entry in the FAQ is about logging in IP

To answer the rest of your question: IP does not log failed attempts because the debug mode is exactly what the name states: a mode for debugging, not for day to day use.

My apologies for not reading the FAQ thoroughly enough.
And thanks for the link.

So there is no way I can prevent brute-force attacks trying to guess the passwords ? Something for the wishlist ?

I modified application/modules/sessions/controllers/Sessions.php to have some logging.
Is there a way to have it included in a next release ?
It needs some polishing I think.

You may just create a pull request for the 1.6.0 branch with the changes. All further discussion on the code is then done in the pull request.

Just did a pull request.
I hope I did it right, it’s the first time I’m using github.