Werk #16360: Dedicated security logging
Component | Site management |
Title | Dedicated security logging |
Date | Feb 16, 2024 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 2.3.0b1 2.4.0b1 |
Level | Trivial Change |
Class | New Feature |
Compatibility | Compatible - no manual interaction needed |
To make it easier to detect certain security relevant events a dedicated security log is introduced. You can find it in var/log/security.log
.
The format of each line is:
1. The date and time the logentry was created (local time)
2. The security domain and the process id.
3. The message as json with a summary
and details
key. The contents of the details
vary by the domain.
Currently the following domains exist:
* application_errors
: e.g if a CSRF token could not be found/validated
* auth
: e.g. successful / unsuccessful authentication attempts. (Successful authentication attempts without opening a session are currently not logged.)
* service
: e.g. the start of a site
* user_management
: e.g. change of a password
Please note that this logfile is still subject to change. Additional events might be added and details may change with p-releases.