Core Server / SERVER-24844

Add connection and client information to unauthorised log lines

    • Type: Improvement
    • Resolution: Won't Do
    • Priority: Major - P3
    • Affects Version/s: 3.2.7
    • Component/s: Diagnostics, Security
    • Labels: None
    • Security 2019-07-29, Security 2019-08-12, Security 2019-08-26

      SERVER-16452 added client connection information to failed login attempts; however, unauthorised messages are bereft of any detail to make them immediately useful. For example:

      2016-06-30T08:42:35.887+1000 I ACCESS   [conn1] Unauthorized: not authorized on test to execute command { insert: "test", documents: [ { 1: 1.0, _id: ObjectId('57744edb16608f349f2197fc') } ], ordered: true }
      

      The message does not tell you which user failed the check, and also does not tell you which client/IP address the attempt came from (without back-tracing in the logs).

            Assignee: Spencer Jackson (spencer.jackson@mongodb.com)
            Reporter: Andre de Frere (andre.defrere@mongodb.com)
            Votes: 0
            Watchers: 11

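The back-tracing the description refers to can be scripted. The following is an added example, not code from the ticket or from the MongoDB project: it joins each Unauthorized line to the earlier lines for the same `[connN]` to recover the client address and any authenticated user. It assumes the 3.2-era "connection accepted", "Successfully authenticated as principal" and "end connection" line formats; all sample lines except the Unauthorized insert line from the ticket are constructed, and `enrich_unauthorized` is a hypothetical helper name.

```python
import re

# Constructed sample in the assumed 3.2-era mongod log layout; line 4 is the ticket's example.
SAMPLE_LOG = """\
2016-06-30T08:42:30.101+1000 I NETWORK  [initandlisten] connection accepted from 192.0.2.10:51544 #1 (1 connection now open)
2016-06-30T08:42:30.455+1000 I ACCESS   [conn1] Successfully authenticated as principal reporting on test
2016-06-30T08:42:31.002+1000 I NETWORK  [initandlisten] connection accepted from 192.0.2.77:40112 #2 (2 connections now open)
2016-06-30T08:42:35.887+1000 I ACCESS   [conn1] Unauthorized: not authorized on test to execute command { insert: "test", documents: [ { 1: 1.0, _id: ObjectId('57744edb16608f349f2197fc') } ], ordered: true }
2016-06-30T08:42:36.120+1000 I ACCESS   [conn2] Unauthorized: not authorized on admin to execute command { listDatabases: 1.0 }
2016-06-30T08:42:40.000+1000 I NETWORK  [conn1] end connection 192.0.2.10:51544 (1 connection now open)
"""

ACCEPT = re.compile(r"connection accepted from (\S+) #(\d+) ")
AUTHED = re.compile(r"\[conn(\d+)\] Successfully authenticated as principal (\S+) on (\S+)")
DENIED = re.compile(r"^(\S+) .*\[conn(\d+)\] Unauthorized: not authorized on (\S+) to execute command \{ (\w+):")
ENDED = re.compile(r"\[conn(\d+)\] end connection ")

def enrich_unauthorized(log_text):
    """Return one dict per Unauthorized line with client and user filled in."""
    peers, users, findings = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            # Connection ids restart with the process, so a new accept resets that id.
            peers[m.group(2)] = m.group(1)
            users.pop(m.group(2), None)
        elif m := AUTHED.search(line):
            users.setdefault(m.group(1), []).append(f"{m.group(2)}@{m.group(3)}")
        elif m := DENIED.search(line):
            ts, conn, db, cmd = m.groups()
            findings.append({
                "time": ts, "conn": conn, "db": db, "command": cmd,
                "client": peers.get(conn, "unknown"),
                # No auth line seen means the connection never authenticated.
                "users": list(users.get(conn, [])) or ["<unauthenticated>"],
            })
        elif m := ENDED.search(line):
            peers.pop(m.group(1), None)
            users.pop(m.group(1), None)
    return findings

if __name__ == "__main__":
    for finding in enrich_unauthorized(SAMPLE_LOG):
        print(finding)
```

A client of "unknown" means the accept line fell outside the log window being read, which is the rotation case where manual back-tracing also fails.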