Werk #16360: Dedicated security logging

Component

Site management

Title

Dedicated security logging

Date

Feb 16, 2024

Level

Trivial Change

Class

New Feature

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.4.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

To make it easier to detect certain security relevant events a dedicated security log is introduced. You can find it in var/log/security.log.

The format of each line is: 1. The date and time the logentry was created (local time) 2. The security domain and the process id. 3. The message as json with a summary and details key. The contents of the details vary by the domain.

Currently the following domains exist: * application_errors: e.g if a CSRF token could not be found/validated * auth: e.g. successful / unsuccessful authentication attempts. (Successful authentication attempts without opening a session are currently not logged.) * service: e.g. the start of a site * user_management: e.g. change of a password

Please note that this logfile is still subject to change. Additional events might be added and details may change with p-releases.

To the list of all Werks