MongoDB does not log failed login attempts.
For installations which need to be open to the public internet (for example because you have mobile clients), this makes it basically impossible to implement some sort of brute force prevention, like fail2ban. Fail2Ban scans log files for failed login attempts and uses various mechanisms like iptables or libwrap (not applicable to mongodb) to locks ipadresses out after a certain amount of failed login attempts.
- is related to
SERVER-16453 MongoDB server should obey /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems
- related to
SERVER-22054 Authentication failure reports incorrect IP address
SERVER-27595 Client IP address not shown