> Is there a module / or a development effort that allows to log form-based > authentication (field j_username) i.e. username in standard apache log > files?
Not to the standard log files, but close. With mod_security (http://www.modsecurity.org), you can log POST requests to a separate log file. I am toying with the idea to trick the server into logging POST data as a QUERY_STRING, but I'm not quite sure how that would work. If anyone cares to comment, I'd gladly listen. I also plan to include functionality to sanitize parameters selectively, to avoid having sensitive stuff (passwords, CC details) in the log. -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
