Werk #16360: Dedicated security logging

Component: Site management
Title: Dedicated security logging
Date: 16.02.2024
Level: Trivial change
Class: New feature
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions
2.4.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

To make it easier to detect certain security-relevant events, a dedicated security log is introduced. You can find it in var/log/security.log.

The format of each line is:

1. The date and time the log entry was created (local time).
2. The security domain and the process ID.
3. The message as JSON with a summary and a details key. The contents of the details vary by domain.

Currently the following domains exist:

* application_errors: e.g. if a CSRF token could not be found/validated
* auth: e.g. successful / unsuccessful authentication attempts. (Successful authentication attempts without opening a session are currently not logged.)
* service: e.g. the start of a site
* user_management: e.g. change of a password

Please note that this logfile is still subject to change. Additional events might be added and details may change with p-releases.
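A parser for the three-part line format described above, written so that lines or domains it does not recognize are surfaced rather than silently dropped, which matters while the format may still change. This is an added example, not Checkmk code; the exact delimiters (timestamp, then `[<logger>.<domain> <pid>]`, then JSON), the sample lines and the `new_domain` name are assumptions constructed for illustration.

```python
import json
import re
from collections import Counter, namedtuple

# Assumed layout (not specified in the Werk): "<date> <time> [<logger>.<domain> <pid>] <json>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:[,.]\d+)?)\s+"
    r"\[(?:[\w.]*\.)?(?P<domain>\w+)\s+(?P<pid>\d+)\]\s+(?P<msg>\{.*\})\s*$"
)
# Domains listed in the Werk; anything else is reported for review.
KNOWN_DOMAINS = {"application_errors", "auth", "service", "user_management"}
SecurityEvent = namedtuple("SecurityEvent", "timestamp domain pid summary details")

def parse_line(line):
    """Return a SecurityEvent, or None if the line does not fit the assumed layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        msg = json.loads(m["msg"])
    except json.JSONDecodeError:
        return None
    # The message must be a JSON object carrying both documented keys.
    if not isinstance(msg, dict) or not {"summary", "details"} <= set(msg):
        return None
    return SecurityEvent(m["ts"], m["domain"], int(m["pid"]), msg["summary"], msg["details"])

def summarize(lines):
    """Count events per domain; collect unparsable lines and unknown domains."""
    counts, rejected, unknown = Counter(), [], set()
    for line in filter(str.strip, lines):
        event = parse_line(line)
        if event is None:
            rejected.append(line)  # keep the raw line so format changes get noticed
        else:
            counts[event.domain] += 1
            if event.domain not in KNOWN_DOMAINS:
                unknown.add(event.domain)
    return counts, rejected, unknown

# Constructed sample lines; summaries and details keys are invented.
SAMPLE = [
    '2024-02-16 09:14:37,902 [cmk_security.auth 2317] {"summary": "authentication failed", "details": {"user": "alice"}}',
    '2024-02-16 09:20:05,333 [cmk_security.user_management 2317] {"summary": "password changed", "details": {"user": "alice"}}',
    '2024-02-16 09:21:00,000 [cmk_security.auth 2317] {"summary": "truncated',
    '2024-02-16 09:22:10,008 [cmk_security.new_domain 2317] {"summary": "x", "details": {}}',
]
```

Feeding the `rejected` and `unknown` results into an alert gives early warning when a p-release changes the line layout or adds a domain.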
