Security Log Messages
For ease of grepping and analysis, the auditing log message uses KVAuditInfo
as a prefix. For example:
# General audit logging:
<Timestamp>: KVAuditInfo[user: <user_name>,
clienthost: <client_host>, operation:
<operation_description>, status: <SUCCESS/FORBIDDEN>,
reason: <failure_reason>]
# General audit logging:
# Particular logging for successful execution of plan:
<Timestamp>: KVAuditInfo[<plan_name>, owned by <plan_owner>,
executed by <plan_executor> from <client_host>,
state=<end state of plan execution>]
To distinguish security related messages from standard log messages, the following two security related logging levels are introduced:
-
SEC_WARNING
Logs unauthenticated login, unauthorized read/write data access and unauthorized execution of CLI commands. Unauthenticated login does not log the reasons of failure.
-
SEC_INFO
Logs the success of a user login and the successful execution of plans that require
dbadmin
orsysadmin
role related privileges.