[SERVER-18404] Change facility for audit messages written to syslog Created: 11/May/15 Updated: 06/Dec/22 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Logging, Security |
| Affects Version/s: | 3.0.2 |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Andre de Frere | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 5 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Assigned Teams: |
Server Security
|
||||||||
| Sprint: | Dev Tools 2019-01-28, Dev Tools 2019-02-11, Dev Tools 2019-02-25, Dev Tools 2019-03-11 | ||||||||
| Participants: | |||||||||
| Case: | (copied to CRM) | ||||||||
| Description |
|
When writing the log to syslog, you have the ability to change the facility level for the messages written (with the syslogFacility config option). When writing the audit log to syslog, there is no option to change the facility. All messages are written to "user" at "info" level severity. Being able to change the facility would allow users to write audit messages to other syslog destinations. |
| Comments |
| Comment by Thameem R [ 24/Dec/21 ] |
|
Any update on this feature, do we have something in 5.0 version ? |
| Comment by Andrew Morrow (Inactive) [ 25/Mar/19 ] |
|
matt.lord - Assigning to you as investigating to come to a conclusion about what we are going to do here, if anything. |
| Comment by Andy Schwerin [ 26/May/15 ] |
|
Using the syslog support in libc, one cannot set distinct identities or facilities within a single process. As such, mongodb processes use the syslogFacility setParameter for both audit and diagnostic log messages. Doing more requires us to use a different (non-standard) library for interfacing with syslog. |