Security Log Messages

For ease of grepping and analysis, audit log messages use KVAuditInfo as a prefix. For example:

# General audit logging:
<Timestamp>: KVAuditInfo[user: <user_name>, 
clienthost: <client_host>, operation: 
<operation_description>, status: <SUCCESS/FORBIDDEN>,
reason: <failure_reason>] 
# Particular logging for successful execution of plan:
<Timestamp>: KVAuditInfo[<plan_name>, owned by <plan_owner>, 
executed by <plan_executor> from <client_host>, 
state=<end state of plan execution>] 

Note:

If the log files are compressed, you can use the gzcat command to view the contents without uncompressing the zipped files. Use the zgrep command to search the compressed log files. You can also uncompress the files into another directory. For more information, see Log File Compression in the Administrator's Guide.

To distinguish security-related messages from standard log messages, the following two security-related logging levels are introduced:

  • SEC_WARNING

    Logs unauthenticated login, unauthorized read/write data access, and unauthorized execution of CLI commands. For an unauthenticated login, the reason for the failure is not logged.

  • SEC_INFO

    Logs the success of a user login and the successful execution of plans that require dbadmin or sysadmin role related privileges.
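
As an added example (not part of the product documentation), the following Python parser handles the two KVAuditInfo layouts shown above and tallies FORBIDDEN records per user and client host. It assumes each record is a single line once whitespace is collapsed and that the reason field may be absent on SUCCESS; the sample lines, including their timestamp format, are constructed.

```python
import re

# Patterns follow the two KVAuditInfo templates shown on this page.
# Assumptions: one record per line, and "reason" may be absent on SUCCESS.
GENERAL = re.compile(
    r"^(?P<ts>.+?): KVAuditInfo\[user: (?P<user>.*?), "
    r"clienthost: (?P<clienthost>.*?), operation: (?P<operation>.*), "
    r"status: (?P<status>SUCCESS|FORBIDDEN)(?:, reason: (?P<reason>.*))?\]$"
)
PLAN = re.compile(
    r"^(?P<ts>.+?): KVAuditInfo\[(?P<plan>.+), owned by (?P<owner>.+?), "
    r"executed by (?P<executor>.+?) from (?P<clienthost>.+?), "
    r"state=(?P<state>[^\]]+)\]$"
)

def parse_audit_line(line):
    """Return a dict for a KVAuditInfo record, or None for any other line."""
    text = " ".join(line.split())  # collapse wrapping and trailing spaces
    if "KVAuditInfo[" not in text:
        return None
    for kind, pattern in (("general", GENERAL), ("plan", PLAN)):
        m = pattern.match(text)
        if m:
            return {"kind": kind, **m.groupdict()}
    # Prefix present but layout unknown: surface it rather than drop it.
    return {"kind": "unparsed", "raw": text}

def forbidden_by_client(lines):
    """Count FORBIDDEN records per (user, clienthost) pair."""
    counts = {}
    for line in lines:
        rec = parse_audit_line(line)
        if rec and rec["kind"] == "general" and rec["status"] == "FORBIDDEN":
            key = (rec["user"], rec["clienthost"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines (timestamps, users, hosts, operations are made up).
SAMPLE = [
    "2024-01-15 10:02:11 UTC: KVAuditInfo[user: alice, clienthost: 192.0.2.10, "
    "operation: show users, status: FORBIDDEN, reason: insufficient privileges]",
    "2024-01-15 10:02:40 UTC: KVAuditInfo[user: alice, clienthost: 192.0.2.10, "
    "operation: read table t1, status: FORBIDDEN, reason: insufficient privileges]",
    "2024-01-15 10:05:00 UTC: KVAuditInfo[user: root, clienthost: 192.0.2.20, "
    "operation: show topology, status: SUCCESS]",
    "2024-01-15 10:06:30 UTC: KVAuditInfo[Plan 7, owned by root, "
    "executed by root from 192.0.2.20, state=SUCCEEDED]",
    "2024-01-15 10:07:00 UTC: unrelated store message",
]
```

Calling `forbidden_by_client(SAMPLE)` returns the per-user, per-host count of FORBIDDEN records; lines that carry the prefix but match neither layout come back from `parse_audit_line` with kind `unparsed` so they can be reviewed instead of silently skipped.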