Is there a way to include username in "[WARN-070] Too many failed logins" email notifications?

Question

Hi all, 
 When a user repeatedly fails to login via VPN on our UTM, I have setup that I/Admin receive a notification about the incident and the consequently blocking of the ip. However - the notification does not contain the userid which was used during the login attempt, which would be a great help for us, to be able to contact the user or even forward the message to the user, so that he/she are informed they are now blocked, and don't need to continue trying to get access until quarantine has ended. 
 So - is there a way to edit the notification, and have the username which was used, added to the notification sent together with the already mentioned IP of the user? 
 Cheers, Henrik Holm Nielsen

BAlfson · Answer

Hej Henrik and welcome to the UTM Community! 
 You can't add it to the notification, but you can search on the IP in the User Authentication log to find the user. 
 From the command line, if you're using SSL VPN Remote Access, you could use the following to see the lines from today: 
 grep openvpn /var/log/aua.log|grep failed|more 
 Cheers - Bob