Werk #16360: Dedicated security logging

Component Site management
Title Dedicated security logging
Date Feb 16, 2024
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 2.3.0b1 2.4.0b1
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed

To make it easier to detect certain security-relevant events, a dedicated security log is introduced. You can find it in var/log/security.log.

The format of each line is:

1. The date and time the log entry was created (local time).
2. The security domain and the process ID.
3. The message as JSON with a summary and a details key. The contents of the details vary by the domain.

Currently the following domains exist:

* application_errors: e.g. if a CSRF token could not be found/validated
* auth: e.g. successful / unsuccessful authentication attempts. (Successful authentication attempts without opening a session are currently not logged.)
* service: e.g. the start of a site
* user_management: e.g. change of a password

Please note that this logfile is still subject to change. Additional events might be added and details may change with p-releases.
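The following parser is an added example, not code from Checkmk. It splits a line into the three fields described above and reports lines it cannot parse, so that a format change in a p-release shows up instead of silently dropping events. The exact line layout `<timestamp> [<domain> <pid>] <json>`, the summary texts and the details keys in the sample are assumptions made for illustration.

```python
import json
import re
from collections import Counter

# Assumed layout (not specified by the Werk): "<timestamp> [<domain> <pid>] <json>"
LINE_RE = re.compile(
    r"^(?P<ts>.+?) \[(?P<domain>\S+) (?P<pid>\d+)\] (?P<msg>\{.*\})\s*$"
)

# Constructed sample lines; summaries and details keys are invented.
SAMPLE = """\
2024-02-16 10:15:02,113 [auth 4711] {"summary": "authentication failed", "details": {"user": "alice"}}
2024-02-16 10:15:09,480 [auth 4711] {"summary": "authentication succeeded", "details": {"user": "alice"}}
2024-02-16 10:16:30,002 [application_errors 4711] {"summary": "CSRF token validation failed", "details": {}}
2024-02-16 10:20:00,000 [service 5120] {"summary": "site started", "details": {}}
2024-02-16 10:21:44,731 [user_management 4711] {"summary": "password changed", "details": {"user": "bob"}}
this line does not follow the format
"""

def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        msg = json.loads(m["msg"])
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict) or "summary" not in msg:
        return None
    return {
        "time": m["ts"],
        # Keep only the last dotted component in case the domain carries a prefix.
        "domain": m["domain"].rsplit(".", 1)[-1],
        "pid": int(m["pid"]),
        "summary": msg["summary"],
        # Details vary by domain, so pass them through untouched.
        "details": msg.get("details", {}),
    }

def summarize(lines):
    """Count events per domain and collect numbers of unparseable lines."""
    counts, unparsed = Counter(), []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            unparsed.append(number)
        else:
            counts[event["domain"]] += 1
    return counts, unparsed
```

A non-empty list of unparsed line numbers after an update is the signal to re-check the parser against the new log format.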
