Download

Werk #16360: Dedicated security logging

Component Site management
Title Dedicated security logging
Date Feb 16, 2024
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.3.0b1 2.4.0b1
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed

To make it easier to detect certain security relevant events a dedicated security log is introduced. You can find it in var/log/security.log.

The format of each line is: 1. The date and time the logentry was created (local time) 2. The security domain and the process id. 3. The message as json with a summary and details key. The contents of the details vary by the domain.

Currently the following domains exist: * application_errors: e.g if a CSRF token could not be found/validated * auth: e.g. successful / unsuccessful authentication attempts. (Successful authentication attempts without opening a session are currently not logged.) * service: e.g. the start of a site * user_management: e.g. change of a password

Please note that this logfile is still subject to change. Additional events might be added and details may change with p-releases.

To the list of all Werks

See it yourself

Try out Checkmk now.

Get the Raw Edition Free and open source monitoring
Play with Checkmk Try Checkmk without installing
Checkmk Conference #10

Join us for the highlight of the year when the Checkmk Community gets together in Munich from June 11-13.

Register now