Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v2.0.0-alpha.2 RestAccessLogFilter logs session id in place of username #1815

Closed
mikkolehtisalo opened this issue Feb 13, 2016 · 2 comments
Closed
Labels
Milestone

Comments

@mikkolehtisalo
Copy link
Contributor

@mikkolehtisalo mikkolehtisalo commented Feb 13, 2016

RestAccessLogFilter logs some kind of session id (?) in place remoteUser, for example:

2016-02-13_21:01:38.35149 2016-02-13 21:01:38,351 DEBUG: org.graylog2.rest.accesslog - 192.168.122.1 6ef0f337-7073-4be9-80ca-bb641f506944 [-] "POST cluster/1f7effbb-e6f4-4d97-a00d-ce7fc20fcf01/metrics/multiple" Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.103 Safari/537.36 200 -1

where 6ef0f337-7073-4be9-80ca-bb641f506944 should be admin. The id value should be decoded automatically into proper username, for audit purposes.

Generally audit logs should be self-sufficient, and users should be recognizable even after the user has been deleted from system. This is common requirement when you have longer data retention times than the actual system.

@kroepke kroepke added this to the 2.0.0 milestone Feb 14, 2016
@kroepke
Copy link
Member

@kroepke kroepke commented Feb 14, 2016

Good point, the UI now uses the REST API directly and thus the session id shows up instead. We'll see if we can translate it.

@mikkolehtisalo
Copy link
Contributor Author

@mikkolehtisalo mikkolehtisalo commented Mar 9, 2016

One solution: #1918

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.