[SERVER-36938] When authorization is enabled, unauthorized and user actions should be logged as well. Created: 30/Aug/18  Updated: 27/Oct/23  Resolved: 30/Aug/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Thomas Sjögren
Assignee: Nick Brewer
Resolution: Works as Designed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

Currently, when authorization is enabled, only failed logins seem to be logged.
Logging both unauthorized (using no password or username) and authorized connections would simplify server monitoring and management.

$ sudo rpm -qa | grep mongo
mongodb-org-server-3.4.15-1.el7.x86_64
mongodb-mms-monitoring-agent-6.6.2.464-1.x86_64
mongodb-org-tools-3.4.15-1.el7.x86_64
mongodb-org-mongos-3.4.15-1.el7.x86_64
mongodb-org-3.4.15-1.el7.x86_64
mongodb-org-shell-3.4.15-1.el7.x86_64
python-pymongo-2.5.2-4.el7.x86_64

storage:
   dbPath: /var/lib/mongo/data/placeholder/test3
   engine: wiredTiger
   journal:
      enabled: true
      commitIntervalMs: 10
   wiredTiger:
      engineConfig:
         cacheSizeGB: 75
systemLog:
   destination: syslog
processManagement:
   fork: true
   pidFilePath: /var/run/mongodb/placeholder.pid
net:
   bindIp: 127.0.0.1,10.X.X.X
   port: 27319
   http:
      RESTInterfaceEnabled: false
   wireObjectCheck: true
replication:
   replSetName: juno
   oplogSizeMB: 8192
security:
   keyFile: /etc/mongodb/placeholder.key
   clusterAuthMode: keyFile
   authorization: enabled
   transitionToAuth: true



 Comments   
Comment by Thomas Sjögren [ 31/Aug/18 ]

@nick.brewer see below,

systemLog: { component: { accessControl: { verbosity: 5 } } }

doesn't seem to log anything but failed user login attempts.

 

 

Aug 31 16:52:04 testsrv02 mongod.27219[7989]: [initandlisten] options: { config: "/etc/mongodb/mongoplaceholder-test2.conf", net: { bindIp: "127.0.0.1,10.x.x.x", http: { RESTInterfaceEnabled: false }, port: 27219, wireObjectCheck: true }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongoplaceholder-test2.pid" }, replication: { oplogSizeMB: 8192, replSetName: "labs" }, security: { authorization: "enabled", clusterAuthMode: "keyFile", keyFile: "/etc/mongodb/mongoplaceholder-test2.key", transitionToAuth: true }, storage: { dbPath: "/var/lib/mongo/data/placeholder/test2", engine: "wiredTiger", journal: { commitIntervalMs: 10, enabled: true }, wiredTiger: { engineConfig: { cacheSizeGB: 75.0 } } }, systemLog: { component: { accessControl: { verbosity: 3 } }, destination: "syslog", quiet: true } }
Aug 31 17:10:40 testsrv02 mongod.27219[31841]: [initandlisten] options: { config: "/etc/mongodb/mongoplaceholder-test2.conf", net: { bindIp: "127.0.0.1,10.x.x.x", http: { RESTInterfaceEnabled: false }, port: 27219, wireObjectCheck: true }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongoplaceholder-test2.pid" }, replication: { oplogSizeMB: 8192, replSetName: "labs" }, security: { authorization: "enabled", clusterAuthMode: "keyFile", keyFile: "/etc/mongodb/mongoplaceholder-test2.key", transitionToAuth: true }, storage: { dbPath: "/var/lib/mongo/data/placeholder/test2", engine: "wiredTiger", journal: { commitIntervalMs: 10, enabled: true }, wiredTiger: { engineConfig: { cacheSizeGB: 75.0 } } }, systemLog: { component: { accessControl: { verbosity: 5 } }, destination: "syslog", quiet: true } }
Aug 31 17:23:48 testsrv02 mongod.27219[6415]: [initandlisten] options: { config: "/etc/mongodb/mongoplaceholder-test2.conf", net: { bindIp: "127.0.0.1,10.x.x.x", http: { RESTInterfaceEnabled: false }, port: 27219, wireObjectCheck: true }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongoplaceholder-test2.pid" }, replication: { oplogSizeMB: 8192, replSetName: "labs" }, security: { authorization: "enabled", clusterAuthMode: "keyFile", keyFile: "/etc/mongodb/mongoplaceholder-test2.key", transitionToAuth: true }, storage: { dbPath: "/var/lib/mongo/data/placeholder/test2", engine: "wiredTiger", journal: { commitIntervalMs: 10, enabled: true }, wiredTiger: { engineConfig: { cacheSizeGB: 75.0 } } }, systemLog: { component: { accessControl: { verbosity: 5 } }, destination: "syslog", quiet: true } }
Aug 31 17:25:37 testsrv02 mongod.27219[6415]: [conn37] SCRAM-SHA-1 authentication failed for readonly on admin from client 10.xx.xx.xxx:52430 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
Aug 31 17:28:02 testsrv02 mongod.27219[6415]: [conn71] SCRAM-SHA-1 authentication failed for admin on admin from client 10.xx.xx.xxx:52560 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
Aug 31 17:28:17 testsrv02 mongod.27219[6415]: [conn76] SCRAM-SHA-1 authentication failed for readonly on placeholder from client 10.xx.xx.xxx:52568 ; UserNotFound: Could not find user readonly@placeholder
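
Added example, not part of the ticket or of MongoDB's code: since the failed-authentication lines above are what this 3.4 setup writes to syslog, a monitoring job can parse them and separate wrong-password failures from attempts against accounts that do not exist. The sample lines are constructed in the same format (client addresses from the 192.0.2.0/24 documentation range), and the function names are hypothetical.

```python
import re
from collections import Counter

# Line format of the failed-authentication messages quoted in the comment above.
FAILED_AUTH = re.compile(
    r"\[(?P<conn>conn\d+)\] (?P<mech>\S+) authentication failed for "
    r"(?P<user>\S+) on (?P<db>\S+) from client (?P<ip>[^\s:]+):(?P<port>\d+) ; "
    r"(?P<code>\w+): (?P<detail>.*)$"
)

# Constructed sample input: one unrelated startup line plus four failures.
SAMPLE_LOG = """\
Aug 31 17:23:48 testsrv02 mongod.27219[6415]: [initandlisten] waiting for connections on port 27219
Aug 31 17:25:37 testsrv02 mongod.27219[6415]: [conn37] SCRAM-SHA-1 authentication failed for readonly on admin from client 192.0.2.10:52430 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
Aug 31 17:28:02 testsrv02 mongod.27219[6415]: [conn71] SCRAM-SHA-1 authentication failed for admin on admin from client 192.0.2.10:52560 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
Aug 31 17:28:17 testsrv02 mongod.27219[6415]: [conn76] SCRAM-SHA-1 authentication failed for readonly on placeholder from client 192.0.2.10:52568 ; UserNotFound: Could not find user readonly@placeholder
Aug 31 17:31:09 testsrv02 mongod.27219[6415]: [conn80] SCRAM-SHA-1 authentication failed for admin on admin from client 192.0.2.44:40112 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
"""


def parse_failures(text):
    """Return one dict per failed-authentication line; other lines are skipped."""
    return [m.groupdict() for m in map(FAILED_AUTH.search, text.splitlines()) if m]


def summarize(events):
    """Count failures per client and per (user, db, error code)."""
    by_client = Counter(e["ip"] for e in events)
    by_account = Counter((e["user"], e["db"], e["code"]) for e in events)
    # UserNotFound means the name does not exist in that database, which is a
    # different signal from a wrong password (storedKey mismatch).
    unknown = sorted({f'{e["user"]}@{e["db"]}' for e in events
                      if e["code"] == "UserNotFound"})
    return by_client, by_account, unknown


if __name__ == "__main__":
    clients, accounts, unknown = summarize(parse_failures(SAMPLE_LOG))
    for ip, n in clients.most_common():
        print(f"{ip}: {n} failed authentications")
    for (user, db, code), n in accounts.items():
        print(f"{user}@{db}: {n} x {code}")
    print("nonexistent accounts tried:", unknown)
```
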

 

Comment by Nick Brewer [ 30/Aug/18 ]

konstruktoid You can use db.setLogLevel to adjust the verbosity of logging for a particular component - in this case you would want to increase the log level of the access component.

Please note that SERVER project is for reporting bugs or feature suggestions for the MongoDB server. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag.

-Nick

Generated at Thu Feb 08 04:44:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.