[SERVER-27184] Audit logs for connection opened and closed events Created: 25/Nov/16  Updated: 16/Oct/21  Resolved: 20/May/21

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Emilio Scalise Assignee: Salman Baset
Resolution: Won't Do Votes: 1
Labels: Auditing, auditing, platforms-re-triaged, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Issue split: split to SERVER-53329 Create audit event for logout (Closed)
Backwards Compatibility: Fully Compatible
Backport Requested: v3.4, v3.2

 Description   

The MongoDB Audit feature doesn't allow logging the logout and connection opened/closed events.

Some countries require by law that certain business fields retain audit logs for such events.



 Comments   
Comment by annunziata martiello [ 13/Mar/19 ]

Hi,

Do you have any update on this open issue?

Best Regards,

Tina

Comment by Matt Lord (Inactive) [ 11/Feb/19 ]

Thank you, tinamartiello! That is very helpful.

Comment by annunziata martiello [ 08/Feb/19 ]

Hi Matt,

We have a national law, still valid:

Measures and arrangements applying to the controllers of processing operations performed with the help of electronic tools in view of committing the task of system administrator Decision dated 27 November 2008, as published in Italy's Official Journal no. 300 of 24 December 2008 and amended by a Decision of the Italian DPA dated 25 June 2009 as published in Italy's Official Journal of 30 June 2009.

We must collect, preserve and keep, in an unalterable way, logs related to administrative activity on RDBMSs with personal data.

Specifically, we must trace logins, logouts and failed logins to the RDBMS for the purpose of checking the activities of the administrators.

The audit logs must include: username, IP address, timestamp, indication of the event (i.e. login/logout/login failed) and possibly the software used within the connection.

Here you can find more information regarding the law:

https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1628774

Thank you very much,

Best Regards,

Tina

Comment by Matt Lord (Inactive) [ 01/Feb/19 ]

Hi tinamartiello,

Can you help me understand the specific legal requirements involved here? We tried to find something related in GDPR but could not find any specific requirements around this. Perhaps this is a localized law or regulation of some sort? Having more details would be very helpful in prioritizing this work.

Thank you for the helpful input! 

Best Regards

Comment by annunziata martiello [ 22/Jan/19 ]

Do you have any update on this feature? It's essential to log connection logout for GDPR compliance.

Thank you,

Tina
