-
Type:
Improvement
-
Resolution: Fixed
-
Priority:
Minor - P4
-
Affects Version/s: None
-
Component/s: None
-
Fully Compatible
-
Security 2018-09-24
As of now, log statements for auth failure come in the form `my_user_name@db`. For better or worse, `my_user_name` and `db` are allowed to have at-signs. The log can get a bit confusing to parse in light of this:
2018-05-03T12:00:48.332-0400 I NETWORK [listener] connection accepted from 127.0.0.1:44834 #8 (2 connections now open)
2018-05-03T12:00:48.332-0400 I NETWORK [conn8] received client metadata from 127.0.0.1:44834 conn8: { driver: { name: "mongoc", version: "1.10.0-dev" }, os: { type: "Linux", name: "Fedora", version: "27", architecture: "x86_64" }, platform: "cfg=0x215680e9 posix=200809 stdc=201112 CC=GCC 5.4.0 CFLAGS="" LDFLAGS=""" }
2018-05-03T12:00:48.333-0400 I ACCESS [conn8] SASL SCRAM-SHA-1 authentication failed for test\@@PIZZABAGEL.LOC on external from client 127.0.0.1:44834 ; UserNotFound: Could not find user test\@@PIZZABAGEL.LOC@external
2018-05-03T12:00:48.333-0400 I NETWORK [conn8] end connection 127.0.0.1:44834 (1 connection now open)
Ideally, the statement would read something like:
2018-05-03T12:00:48.333-0400 I ACCESS [conn8] SASL SCRAM-SHA-1 authentication failed for test\@@PIZZABAGEL.LOC on external from client 127.0.0.1:44834 ; UserNotFound: Could not find user 'test\@@PIZZABAGEL.LOC' for db 'external'.