Security Log Messages
To make audit records easy to grep and analyze, every audit log message carries the prefix KVAuditInfo. For example:
# General audit logging:
<Timestamp>: KVAuditInfo[user: <user_name>,
clienthost: <client_host>, operation:
<operation_description>, status: <SUCCESS/FORBIDDEN>,
reason: <failure_reason>]
# Particular logging for successful execution of plan:
<Timestamp>: KVAuditInfo[<plan_name>, owned by <plan_owner>,
executed by <plan_executor> from <client_host>,
state=<end state of plan execution>]
Note:
If the log files are compressed, you can use the gzcat command to view the contents without uncompressing the zipped files. Use the zgrep command to search the compressed log files. You can also uncompress the files into another directory. For more information, see Log File Compression in the Administrator's Guide.
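An added example, not part of the original documentation: a Python parser for the two KVAuditInfo formats shown above that tallies FORBIDDEN operations per user and client host. It assumes one record per line; the timestamp layout and all sample values are constructed, and parse_line and forbidden_by_source are illustrative names.

```python
import re
from collections import Counter

# Assumption: each record sits on one line; whatever precedes ": KVAuditInfo["
# is kept as the timestamp, since the page gives no timestamp layout.
RECORD = re.compile(r"^(?P<timestamp>.*?): KVAuditInfo\[(?P<body>.*)\]\s*$")
# General form; field names anchor the match, so commas in the operation text are safe.
GENERAL = re.compile(
    r"^user: (?P<user>.*?), clienthost: (?P<clienthost>.*?), "
    r"operation: (?P<operation>.*?), status: (?P<status>SUCCESS|FORBIDDEN)"
    r"(?:, reason: (?P<reason>.*))?$")  # reason is treated as optional
# Plan-execution form.
PLAN = re.compile(
    r"^(?P<plan>.*?), owned by (?P<owner>.*?), executed by (?P<executor>.*?) "
    r"from (?P<clienthost>.*?), state=(?P<state>.*)$")

def parse_line(line):
    """Return a dict for a KVAuditInfo record, or None for any other line."""
    rec = RECORD.match(line.strip())
    if rec is None:
        return None
    for kind, pattern in (("general", GENERAL), ("plan", PLAN)):
        m = pattern.match(rec.group("body"))
        if m:
            return {"kind": kind, "timestamp": rec.group("timestamp"), **m.groupdict()}
    # Carries the prefix but matches neither form: keep it for manual review.
    return {"kind": "unparsed", "timestamp": rec.group("timestamp"), "body": rec.group("body")}

def forbidden_by_source(lines):
    """Count FORBIDDEN records per (user, clienthost) pair."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["kind"] == "general" and rec["status"] == "FORBIDDEN":
            counts[(rec["user"], rec["clienthost"])] += 1
    return counts

# Constructed sample lines: timestamps, names, hosts and values are made up.
SAMPLE = [
    "2024-05-01 10:15:02 UTC: KVAuditInfo[user: alice, clienthost: 192.0.2.10, operation: read, table orders, status: FORBIDDEN, reason: insufficient privilege]",
    "2024-05-01 10:15:09 UTC: KVAuditInfo[user: alice, clienthost: 192.0.2.10, operation: write table orders, status: FORBIDDEN, reason: insufficient privilege]",
    "2024-05-01 10:16:00 UTC: KVAuditInfo[user: bob, clienthost: 192.0.2.11, operation: read table orders, status: SUCCESS]",
    "2024-05-01 10:20:00 UTC: KVAuditInfo[deploy-plan-7, owned by admin1, executed by admin2 from 192.0.2.12, state=SUCCEEDED]",
    "2024-05-01 10:21:00 UTC: store heartbeat ok",
]
if __name__ == "__main__":
    for (user, host), n in forbidden_by_source(SAMPLE).most_common():
        print(f"{n} FORBIDDEN from {user}@{host}")
```

For compressed logs, the same functions can be fed lines read with Python's gzip.open(path, "rt").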
To distinguish security-related messages from standard log messages, the following two security-related logging levels are introduced:
- SEC_WARNING
  Logs unauthenticated logins, unauthorized read/write data access, and unauthorized execution of CLI commands. For an unauthenticated login, the reason for the failure is not logged.
- SEC_INFO
  Logs the success of a user login and the successful execution of plans that require dbadmin or sysadmin role related privileges.