Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-14320

Investigate changes in SERVER-40569: Auditing "(NONE)" when address family is AF_UNSPEC

XMLWordPrintableJSON

      Description

      Downstream Change Summary

      We have removed auditing for commands invoked internally. When an external command causes the DBDirectClient to run a command, we used to audit these operations. Now we do not, reducing overall audit spam.

      Description of Linked Ticket

      When address family is AF_UNSPEC, we audit log ip: "(NONE)". It may be possible to treat this differently.

      original description

      When auditing is set on Mongodb, the log has local and remote IP which is always localhost as in:

      Apr 10 11:17:27 CentOS50G tag1 { "atype" : "authCheck", "ts" : { "$date" : "2019-04-10T11:17:19.306-0700" }, "local" : { "ip" : "(NONE)", "port" : 0 }, "remote" : { "ip" : "(NONE)", "port" : 0 }, "users" : [], "roles" : [], "param" : { "command" : "listIndexes", "ns" : "config.system.sessions", "args" : { "listIndexes" : "system.sessions", "cursor" : {}, "$db" : "config" } }, "result" : 0 }

       Here eventhough Mongo server is CentOS50G the local ip is either NONE or 127.0.0.1 

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

            Assignee:
            Unassigned Unassigned
            Reporter:
            backlog-server-pm Backlog - Core Eng Program Management Team
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:
              3 years, 3 weeks, 6 days ago