[SERVER-27595] Client IP address not shown - MongoDB

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 3.2.10, 3.4.0
Fix Version/s: 3.5.9
Component/s: Logging
Labels:
- neweng
- platforms-interns-2017

Backwards Compatibility:
Minor Change
Operating System:
ALL
Steps To Reproduce:

Hide

Try to login with an nonexistent user

Show
Try to login with an nonexistent user
Sprint:
Platforms 2017-06-19

Description

When an user tries to brute force access the mongo database it does not show the ip address of the incoming connection attempt.

I only get the following two lines of log:

2017-01-06T00:57:05.883+0000 I ACCESS [conn6110] Failed to authenticate rafa@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user rafa@admin
2017-01-06T00:57:06.253+0000 I ACCESS [conn6110] authenticate db: admin

{ authenticate: 1.0, user: "rafa", nonce: "xxx", key: "xxx" }

When the user exists but the password is wrong, I get the following line of log:

2017-01-05T23:38:55.782+0000 I ACCESS [conn624] Failed to authenticate rafa@admin with mechanism MONGODB-CR: AuthenticationFailed: MONGODB-CR credentials missing in the user document

I've found that this issue SERVER-16452was to resolve this problem.

I've seen this problem with both versions that I marked.

Attachments

Issue Links

is related to

SERVER-16452 Failed login attempts should log source IP address

Closed

Activity

People

Assignee:: Sara Golemon

Reporter:: Bruno Henrique Miranda dos Santos

Participants:: Bruno Henrique Miranda dos Santos, Githook User, Kelsey T Schubert, Sara Golemon

Votes:: 2 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: Jan 06 2017 01:46:45 AM UTC

Updated:: Dec 06 2017 09:11:50 PM UTC

Resolved:: Jun 09 2017 07:48:41 PM UTC