"Failed Home Assistant login attempts" sensor - exclude false positives due to Command failed log entries

e-raser · January 9, 2021, 11:13pm

I discovered and integrated this command line sensor:

It works great so far:

BUT: It never sets to zero. Reason:
Sometimes when the command fails (during HA start process - I have no idea why it fails) there´s a line in the home_assistant.log like
2021-01-09 23:55:36 ERROR (SyncWorker_12) [homeassistant.components.command_line] Command failed: grep -c 'Login attempt' /config/home-assistant.log

And the next time the command_line sensor checks the .log file of course the string looking for is found.

Any ideas on how to work around that?
Is there a “grep everything except when xyz”?
(that way I could work around/exlude the lines containing >>>Command failed<<<: grep -c 'Login attempt')

e-raser · January 9, 2021, 11:43pm

Answered it myself in a blink of an eye

Excluding findings from grep could be achieved with adding " | grep -v" so finally my sensor definition with the following line for the command part does the trick:

- platform: command_line
    name: HA Failed Logins
    scan_interval: 60
    command_timeout: 60
    command: "grep 'Login attempt' /config/home-assistant.log | grep -v 'Command failed' | grep -c ''"

BUT this does not answer an important question / does not solve the root cause: why does that command fail? I still see a lot of those log entries.

Unfortunately I don´t know how to debug this. In the CLI it works without any issues…

e-raser · January 10, 2021, 12:13am

No, very strange.

While
command: "grep -c 'Login attempt' /config/home-assistant.log"
only fails once (and creates wrong value for the sensor)

this one fails every time it runs:
command: "grep 'Login attempt' /config/home-assistant.log | grep -v 'Command failed:' | grep -c ' '"

Where´s the difference? Seems like the command_line integration has a bug or why does it work on the actual CLI but not the integration?

jazzyisj · January 10, 2021, 12:32am

If you’re interested in that then this is worth taking a peek at.

e-raser · January 11, 2021, 8:19am

Looks interesting, thanks

But as I can see from the repo description it gives information on successful logins only, not failed login attempts I‘m looking for.

jazzyisj · January 11, 2021, 3:18pm

The sensor only gives you successful logins. The notification gives you both.

e-raser · January 11, 2021, 5:15pm

Nah okay. Nice but the opposite I am looking for. I need the failed ones from the HTTP module (Fail2Ban). So back to

e-raser · January 16, 2021, 6:01pm

Just FYI:

I worked around this by adding a second command_line sensor which grep´s explicitly for grep errors. The “Failed Logins” command_line sensor which includes actual failed logins plus false positives can now calculate the actual failed logins.

Still no idea why the grep command fails at all (guaranteed at least once per HA Core run time) but for the moment I can live with that workaround as it gives me real failed logins I can work with (automations, notifications, …).

e-raser · May 30, 2022, 12:54am

That (was working for years) seems to be partly broken now after updating to HA 2022.4: now attributes (like hostname, user, new_ip) are completely missing. Don’t know why. Any ideas how to get this back? Mainly detecting new first time/logins for being able to *do something*.

jazzyisj · May 30, 2022, 6:08pm

Still seems to be working for me?

e-raser · May 30, 2022, 6:37pm

Nope it doesn’t. There’s an issue on GitHub (2 actually) already, fix on the way for 4 weeks.

jazzyisj · May 30, 2022, 6:50pm

Huh I guess you’re right! That info shows up in the notification though? I’ve never really had anything else set up other than that, so I didn’t even notice.