[SERVER-24844] Add connection and client information to unauthorised log lines
Created: 29/Jun/16  Updated: 23/Aug/19  Resolved: 23/Aug/19

Status: Closed
Project: Core Server
Component/s: Diagnostics, Security
Affects Version/s: 3.2.7
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Andre de Frere
Assignee: Spencer Jackson
Resolution: Won't Do
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Sprint: Security 2019-07-29, Security 2019-08-12, Security 2019-08-26
Participants:

 Description   

SERVER-16452 added client connection information to failed login attempts; however, unauthorised messages are bereft of any detail to make them immediately useful. For example:

2016-06-30T08:42:35.887+1000 I ACCESS   [conn1] Unauthorized: not authorized on test to execute command { insert: "test", documents: [ { 1: 1.0, _id: ObjectId('57744edb16608f349f2197fc') } ], ordered: true }

The message does not tell you which user failed the check, and also does not tell you which client/IP address the attempt came from (without back tracing in the logs).



 Comments   
Comment by Kevin Pulo [ 01/Jul/16 ]

Just for some additional context, back tracing in the logs to find the authentication attempts and/or connection creation information is undesirable because it tends to be problematic for long-lived connections. This is because it requires going back a long way in the logs, and these old logs might not be immediately available or might have been deleted (e.g. log rotation).
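
The back tracing discussed in this ticket, as an added example that is not part of the original ticket or the project's code: a single pass over the log that remembers each connection's client address and authenticated users, then attaches them to every Unauthorized line. The sample lines are constructed and assume the 3.2-era text log format; `enrich_unauthorized` is a hypothetical name. The `conn7` line shows the failure mode from the comment above, where the connection's opening lines are no longer in the available log.

```python
import re

# Constructed sample lines, modelled on the 3.2-era text log format (assumption).
SAMPLE_LOG = """\
2016-06-30T08:40:01.101+1000 I NETWORK  [initandlisten] connection accepted from 192.0.2.10:51234 #1 (1 connection now open)
2016-06-30T08:40:01.350+1000 I ACCESS   [conn1] Successfully authenticated as principal appuser on admin
2016-06-30T08:42:35.887+1000 I ACCESS   [conn1] Unauthorized: not authorized on test to execute command { insert: "test", ordered: true }
2016-06-30T08:43:10.004+1000 I ACCESS   [conn7] Unauthorized: not authorized on test to execute command { find: "test" }
2016-06-30T08:44:00.000+1000 I NETWORK  [conn1] end connection 192.0.2.10:51234 (0 connections now open)
"""

ACCEPT = re.compile(r"connection accepted from (\S+) #(\d+)")
AUTHED = re.compile(r"\[conn(\d+)\] Successfully authenticated as principal (\S+) on (\S+)")
UNAUTH = re.compile(r"^(\S+) .*\[conn(\d+)\] Unauthorized: (.*)$")
END = re.compile(r"\[conn(\d+)\] end connection")


def enrich_unauthorized(lines):
    """Yield one dict per Unauthorized line, joined to per-connection state."""
    conns = {}  # connection id -> {"client": addr or None, "users": [...]}
    for line in lines:
        if m := ACCEPT.search(line):
            conns[m.group(2)] = {"client": m.group(1), "users": []}
        elif m := AUTHED.search(line):
            # Auth seen without an accept line: the log started mid-connection.
            state = conns.setdefault(m.group(1), {"client": None, "users": []})
            state["users"].append(f"{m.group(2)}@{m.group(3)}")
        elif m := END.search(line):
            conns.pop(m.group(1), None)
        elif m := UNAUTH.match(line):
            # Unknown connection: its opening lines were rotated away or deleted.
            state = conns.get(m.group(2), {"client": None, "users": []})
            yield {"time": m.group(1), "conn": "conn" + m.group(2),
                   "client": state["client"], "users": list(state["users"]),
                   "message": m.group(3)}


if __name__ == "__main__":
    for event in enrich_unauthorized(SAMPLE_LOG.splitlines()):
        print(event)
```

A `client` of `None` in the output marks exactly the case the comment warns about: the Unauthorized line cannot be attributed from the logs on hand.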
