[DOCS-14305] Investigate changes in SERVER-24912: Include Client Metadata in audit logs Created: 19/Mar/21  Updated: 13/Nov/23  Resolved: 27/Jul/21

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 4.9.0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Jason Price
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-24912 Include Client Metadata in audit logs Closed
Participants:
Days since reply: 2 years, 46 weeks, 5 days ago
Epic Link: DOCSP-9747
Story Points: 3

 Description   

Description

Downstream Change Summary

This commit introduces a new audit event atype: "clientMetadata". This event is emitted when metadata for a client connection is finalized during the first hello request. This new type of event may have two fields in "param":

  • "localEndpoint" will contain the interface upon which the connection was established. It can be either a port and ip (
    Unknown macro: {ip}

    ) or a file path (

    Unknown macro: {unix}

    ).

  • "clientMetadata" will contain the metadata provided by the client driver (if any) including application name. This currently has a schema like so:
    "clientMetadata" : {
    "application" :
    Unknown macro: { "name" }

    ,
    "driver" :

    Unknown macro: { "name" }

    ,
    "os" :

    Unknown macro: { "type" }

    }

This commit also introduces a new field "uuid" in every audit entry which can be used to uniquely identify a client connection. This uuid is also logged as part of LOGV2(22943) and LOGV2(22944).

Lastly, the "local" field in audit entries is to be considered deprecated in favor of the "param.localEndpoint" field in the "clientMetadata" event. We have no plans to remove the "local" field at this time, but we are reserving the right to do so if we need to reduce the size of audit logs in a future stable release.

Description of Linked Ticket

Suggest:

  • Whole client metadata document in auth-related audit log entries
  • AppName string in all other audit log entries

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)


Generated at Thu Feb 08 08:10:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.