Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24844

Add connection and client information to unauthorised log lines

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Major - P3
    • Resolution: Won't Do
    • 3.2.7
    • None
    • Diagnostics, Security
    • None
    • Security 2019-07-29, Security 2019-08-12, Security 2019-08-26

    Description

      SERVER-16452 added client connection information to failed log in attempts, however unauthorised messages are bereft of any detail to make them immediately useful. For example:

      2016-06-30T08:42:35.887+1000 I ACCESS   [conn1] Unauthorized: not authorized on test to execute command { insert: "test", documents: [ { 1: 1.0, _id: ObjectId('57744edb16608f349f2197fc') } ], ordered: true }
      

      The message does not tell you which user failed the check, and also does not tell you which client/ip address the attempt came from (without back tracing in the logs).

      Attachments

        Activity

          People

            spencer.jackson@mongodb.com Spencer Jackson
            andre.defrere@mongodb.com Andre de Frere
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: