Werk #16360: Dedicated security logging
| Komponente | Site management |
| Titel | Dedicated security logging |
| Datum | 16.02.2024 |
| Checkmk Edition | Checkmk Raw (CRE) |
| Checkmk-Version | 2.3.0b1 2.4.0b1 |
| Level | Kleine Änderung |
| Klasse | Neues Feature |
| Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
To make it easier to detect certain security relevant events a dedicated security log is introduced. You can find it in var/log/security.log.
The format of each line is:
1. The date and time the logentry was created (local time)
2. The security domain and the process id.
3. The message as json with a summary and details key. The contents of the details vary by the domain.
Currently the following domains exist:
* application_errors: e.g if a CSRF token could not be found/validated
* auth: e.g. successful / unsuccessful authentication attempts. (Successful authentication attempts without opening a session are currently not logged.)
* service: e.g. the start of a site
* user_management: e.g. change of a password
Please note that this logfile is still subject to change. Additional events might be added and details may change with p-releases.
