[SERVER-28956] Access Control not logging successful logins on MongoDB 3.4 Community Created: 25/Apr/17 Updated: 31/May/17 Resolved: 03/May/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Admin, Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Jeferson Lucas da Costa Santana | Assignee: | Mark Agarunov |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
| Operating System: | ALL |
| Participants: |
| Description |
|
After adjust the verbosity of the parameter "accessControl" with the command: The log file still not login successful login. On mongo 3.2: On mongo 3.4: So I can NOT upgrade my environment from 3.2 to 3.4 safely. Best Regards |
| Comments |
| Comment by Jeferson Lucas da Costa Santana [ 04/May/17 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I find out the problem: The systemctl call by default uses: After some test I changed to Procedures to chance Systemctl on Ubuntu: And the problem was solved! | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Mark Agarunov [ 03/May/17 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Hello jefersonlucascs, Unfortunately I am unable to reproduce this when testing on both Ubuntu 16.04 and Debian 8.1 and matching build versions of MongoDB. I am seeing both successful and unsuccessful auth being logged as expected. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag. A question like this involving more discussion would be best posted on the mongodb-user group. Thanks, | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Jeferson Santana [ 28/Apr/17 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Thanks for the Feedback Mark, in my case the successful auth is not logging the username on those environments: One important information: Env1:
env2:
env3:
Example of log on Ubuntu:
The sucessfull does not apear the username. I just tested on Community version is it possible to have differences between Community and Enterprise version about LOG verbosity aspects? Best Regards, | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Mark Agarunov [ 27/Apr/17 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Hello jefersonlucascs, Thank you for providing this information. Unfortunately, I haven't been able to reproduce the behavior you are seeing. In both MongoDB 3.2 and 3.4 I am seeing successful authentication in the logs, even with the default verbosity:
Also note that the Auditing functionality provided by MongoDB Enterprise, specifically the auditAuthorizationSuccess setting, would allow for substantially more detailed logging on authentication and authorization. Thanks, | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Jeferson Lucas da Costa Santana [ 27/Apr/17 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Complete logs from mongod - mongod_log_wrong_auth.log On the log I also tried to put wrong password and only then the user "santanaj" appears on the log file. The problem is that it's important to now who open the authentication in the logs and this information is not available. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Comment by Mark Agarunov [ 26/Apr/17 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Hello jefersonlucascs, Thank you for the report. To help us better understand what may be causing this behavior, please provide the following:
Thanks, |