Werk #16360: Dedicated security logging

Component Site management
Title Dedicated security logging
Date Feb 16, 2024
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.4.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

To make it easier to detect certain security relevant events a dedicated security log is introduced. You can find it in var/log/security.log.

The format of each line is: 1. The date and time the logentry was created (local time) 2. The security domain and the process id. 3. The message as json with a summary and details key. The contents of the details vary by the domain.

Currently the following domains exist: * application_errors: e.g if a CSRF token could not be found/validated * auth: e.g. successful / unsuccessful authentication attempts. (Successful authentication attempts without opening a session are currently not logged.) * service: e.g. the start of a site * user_management: e.g. change of a password

Please note that this logfile is still subject to change. Additional events might be added and details may change with p-releases.

To the list of all Werks