Type: Task
Resolution: Won't Fix
Priority: Major - P3
Affects Version/s: None
Component/s: Server
Labels: None
Description
Downstream Change Summary
We have removed auditing for commands invoked internally. When an external command causes the DBDirectClient to run a command, we used to audit these operations. Now we do not, reducing overall audit spam.
Description of Linked Ticket
When address family is AF_UNSPEC, we audit log ip: "(NONE)". It may be possible to treat this differently.
Original Description
When auditing is set on MongoDB, the log has local and remote IP which is always localhost as in:
Apr 10 11:17:27 CentOS50G tag1 { "atype" : "authCheck", "ts" : { "$date" : "2019-04-10T11:17:19.306-0700" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [], "roles" : [], "param" : { "command" : "listIndexes", "ns" : "config.system.sessions", "args" : { "listIndexes" : "system.sessions", "cursor" : {}, "$db" : "config" } }, "result" : 0 }
Here, even though the Mongo server is CentOS50G, the local IP is either NONE or 127.0.0.1
Scope of changes
Impact to Other Docs
MVP (Work and Date)
Resources (Scope or Design Docs, Invision, etc.)
documents: SERVER-40569 Auditing "(NONE)" when address family is AF_UNSPEC (Closed)
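For deployments whose audit log still contains records like the one in the description, the following added example (not code from the ticket or from MongoDB) separates records whose endpoints are both "(NONE)" from records that carry a client address, so real client operations are not buried in the noise. The function names are hypothetical, every sample line after the first is constructed, and reading "(NONE)" on both endpoints as "no network peer" is an assumption based on the linked ticket's AF_UNSPEC note.

```python
import json
from collections import Counter

# First line is the record quoted in the ticket; the other three are constructed samples.
SAMPLE = [
    'Apr 10 11:17:27 CentOS50G tag1 { "atype" : "authCheck", "ts" : { "$date" : "2019-04-10T11:17:19.306-0700" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [], "roles" : [], "param" : { "command" : "listIndexes", "ns" : "config.system.sessions", "args" : { "listIndexes" : "system.sessions", "cursor" : {}, "$db" : "config" } }, "result" : 0 }',
    'Apr 10 11:17:28 CentOS50G tag1 { "atype" : "authCheck", "ts" : { "$date" : "2019-04-10T11:17:24.306-0700" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [], "roles" : [], "param" : { "command" : "listIndexes", "ns" : "config.system.sessions", "args" : { "listIndexes" : "system.sessions", "cursor" : {}, "$db" : "config" } }, "result" : 0 }',
    'Apr 10 11:17:29 CentOS50G tag1 { "atype" : "authCheck", "ts" : { "$date" : "2019-04-10T11:17:25.100-0700" }, "local" : { "ip" : "192.0.2.10", "port" : 27017 }, "remote" : { "ip" : "198.51.100.7", "port" : 51234 }, "users" : [ { "user" : "app", "db" : "admin" } ], "roles" : [], "param" : { "command" : "find", "ns" : "test.orders", "args" : { "find" : "orders", "$db" : "test" } }, "result" : 0 }',
    'Apr 10 11:17:30 CentOS50G tag1 { "atype" : "authCheck", "ts" : ',  # truncated on purpose
]

def parse_audit_line(line):
    """Return the audit document embedded in a syslog line, or None if absent or malformed."""
    start = line.find("{")  # the syslog prefix (timestamp, host, tag) precedes the JSON
    if start < 0:
        return None
    try:
        doc, _ = json.JSONDecoder().raw_decode(line[start:])
    except json.JSONDecodeError:
        return None
    return doc if isinstance(doc, dict) and "atype" in doc else None

def has_no_endpoint(doc):
    """True when both local and remote carry the "(NONE)" placeholder (assumed: no network peer)."""
    return all((doc.get(side) or {}).get("ip") == "(NONE)" for side in ("local", "remote"))

def triage(lines):
    """Split lines into networked records, a count of endpoint-less records, and unparsable lines."""
    networked, no_endpoint, skipped = [], Counter(), 0
    for line in lines:
        doc = parse_audit_line(line)
        if doc is None:
            skipped += 1
            continue
        if has_no_endpoint(doc):
            param = doc.get("param") or {}
            no_endpoint[(doc["atype"], param.get("command"), param.get("ns"))] += 1
        else:
            networked.append(doc)
    return networked, no_endpoint, skipped

if __name__ == "__main__":
    networked, no_endpoint, skipped = triage(SAMPLE)
    for (atype, command, ns), count in no_endpoint.most_common():
        print(f"no endpoint: {count}x {atype} {command} on {ns}")
    for doc in networked:
        print(f"client {doc['remote']['ip']}: {doc['atype']} {doc['param'].get('command')}")
    print(f"unparsable lines: {skipped}")
```

Counting the endpoint-less records by action, command and namespace, rather than dropping them, keeps the volume visible and leaves unparsable lines as a separate number to investigate.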