[SERVER-18404] Change facility for audit messages written to syslog Created: 11/May/15  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Logging, Security
Affects Version/s: 3.0.2
Fix Version/s: None

Type: New Feature Priority: Major - P3
Reporter: Andre de Frere Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 5
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to DOCS-10991 Add note that auditing and logging sh... Closed
Assigned Teams:
Server Security
Sprint: Dev Tools 2019-01-28, Dev Tools 2019-02-11, Dev Tools 2019-02-25, Dev Tools 2019-03-11
Participants:
Case:

 Description   

When writing the log to syslog, you have the ability to change the facility level for the messages written (with the syslogFacility config option).

When writing the audit log to syslog, there is no option to change the facility. All messages are written to "user" at "info" level severity.

Being able to change the facility would allow users to write audit messages to other syslog destinations.



 Comments   
Comment by Thameem R [ 24/Dec/21 ]

Any update on this feature, do we have something in 5.0 version ?

Comment by Andrew Morrow (Inactive) [ 25/Mar/19 ]

matt.lord - Assigning to you as investigating to come to a conclusion about what we are going to do here, if anything.

Comment by Andy Schwerin [ 26/May/15 ]

Using the syslog support in libc, one cannot set distinct identities or facilities within a single process. As such, mongodb processes use the syslogFacility setParameter for both audit and diagnostic log messages.

Doing more requires us to use a different (non-standard) library for interfacing with syslog.

Generated at Thu Feb 08 03:47:34 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.