3.107.4. FailureFormat Previous topic Parent topic Child topic Next topic

This optional parameter specifies the format that is to be used to log authentication failures in Filename when LogFormatHook is not defined. You can use any of the special characters defined. For more information about special characters, see Section 3.3. Special formatters. Also %0 is replaced by the message severity level, %1 by the reason string and %2 by the tracing identifier. The default value is %l:%U:%P:FAIL. This logs time stamp in long format, current User-Name, decoded password and text FAIL.
CAUTION
The default FailureFormat logs the plaintext password entered by the user. Some organisations prefer that user passwords are not logged. In that case, FailureFormat that does not include the %P (decoded password) special character is preferable.