[SERVER-42506] allowing audit log to be sent to a log management server instead of a file on the host Created: 30/Jul/19  Updated: 06/Dec/22

Status: Open
Project: Core Server
Component/s: Logging, Security
Affects Version/s: None
Fix Version/s: 4.3 Desired

Type: New Feature Priority: Major - P3
Reporter: Jennifer Huang (Inactive) Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-2957 Add ability to log to syslog Closed
Assigned Teams:
Server Security
Participants:
Case:

 Description   

It'll be nice to be able to send the audit log or MongoD log to a server before it's written to a file on the localhost.

Motivation
Some customers are concerned that when the MongoD or MongoS process writes the audit log to a file, anyone who has access to the same Linux user as the MongoD or MongoS process, i.e. all their DBAs, can edit or delete the file.
So theoretically they can do something malicious and then delete or amend the audit log to hide the fact that something bad has been done.

Ideal outcome
In the --auditDestination option, allow people to specify the hostname and port of the log management server, and maybe add another two options, --auditLogUser and --auditLogPassword, if the server needs authentication.

Thanks
Jen



 Comments   
Comment by Nic Cottrell [ 02/Aug/19 ]

Slightly relevant to this case/customer is SERVER-2957. I understand that despite the initial description mentioning "remote syslog" that the final implementation only supports a local syslog destination. It would be good if normal (non-audit) logs could also be sent directly to a remote log server.
