You catch more flies with honey than vinegar or, sometimes you catch more flies with honey. Usually....

This works better.. kinda dirty but works. 

if (result == LoginResult.Success)
{
File.AppendAllText(@"/var/log/screenconnect", DateTime.Now.ToString("MMM d H:mm:ss") + " screenconnect(" + Dns.GetHostName() +"): Authentication successful from " + GetIPAddress() + Environment.NewLine);
File.WriteAllText(@"/tmp/temp", GetIPAddress());
this.errorLabel.Text = null;

if (userName.IsNullOrEmpty())
throw new InvalidOperationException(WebResources.GetString("LoginPanel.InvalidUserNameText"));

var threadState = new
{
User = MembershipWebAuthenticationProvider.GetEnabledMembershipProviders()
.Where(_ => _ is IMembershipWithoutOldPasswordProvider)
.Select(_ => _.GetUser(userName))
.FirstOrDefault(),
Url = this.Context.Request.GetRealUrl(),
this.Context.Request.UserHostAddress,
this.Context.Request.UserAgent
};

if (threadState.User != null && !threadState.User.Email.IsNullOrEmpty())
System.Threading.ThreadPool.QueueUserWorkItem(delegate
{
string ipAddress = File.ReadAllText(@"/tmp/temp");
Extensions.Try(() => MailSender.Instance.SendMail(
threadState.User.Email,
"Successful Login from: " + ipAddress,
"Successful Login from: " + ipAddress,
Extensions.TryParseBool(WebResources.GetString("ResetPasswordEmailIsBodyHtml"))
));
});
this.Response.Redirect(this.Context.GetValidReturnUrlOrDefault());
}

Yeah... I just want the list of IP addresses that try to bang on the login... just to know. Never know what you could find. It would be cool to have a dangerous list of ip addresses to add to the list... I think pfSense does this..... Not sure.

Bam! Login.aspx email without fail2ban. Looked at the reset password function in Login.aspx. Seems to work okay.

if (result == LoginResult.Success)
{
File.AppendAllText(@"/var/log/screenconnect", DateTime.Now.ToString("MMM d H:mm:ss") + " screenconnect(" + Dns.GetHostName() +"): Authentication successful from " + GetIPAddress() + Environment.NewLine);
this.errorLabel.Text = null;

if (userName.IsNullOrEmpty())
throw new InvalidOperationException(WebResources.GetString("LoginPanel.InvalidUserNameText"));

var threadState = new
{
User = MembershipWebAuthenticationProvider.GetEnabledMembershipProviders()
.Where(_ => _ is IMembershipWithoutOldPasswordProvider)
.Select(_ => _.GetUser(userName))
.FirstOrDefault(),
Url = this.Context.Request.GetRealUrl(),
this.Context.Request.UserHostAddress,
this.Context.Request.UserAgent
};

if (threadState.User != null && !threadState.User.Email.IsNullOrEmpty())
System.Threading.ThreadPool.QueueUserWorkItem(delegate
{
Extensions.Try(() => MailSender.Instance.SendMail(
threadState.User.Email,
"Successful Login",
"Successful Login",
Extensions.TryParseBool(WebResources.GetString("ResetPasswordEmailIsBodyHtml"))
));
});
this.Response.Redirect(this.Context.GetValidReturnUrlOrDefault());
}

Agreed, but this is better then nothing, and it does exactly what I want. Only thing is, editing Login.aspx after upgrading. I can live with that. I had issues with LetsEncrypt and my screenconnect installation..and ended up doing something different to make that work. 

Only thing left to do, tell fail2ban to email me for successful logins... which is easy. But would be cooler if you guys could share some code to do that in Login.aspx. =)

https://controlforum.connectwise.com/yaf_postsm28485findunread_fail2ban-working-example.aspx

Works great on self hosted.

I now have a log of successful and failed logins by ip and ban appropriately.If you set your timezone, be sure to reboot or fail2ban won't work... 

port setting should be whatever ports you want banned.