[NEW] Enhancement request for acl log command

[nadirdbit]

Failure recorded in age-seconds - believe age-timestamp will be more helpful from an audit perspective

The ACL log is stored in memory, in Redis itself. By default, the log stores 128 entries, but this is configurable.
Instead of getting overwritten in a circular manner, it could be persisted on disk every 'n' seconds [configurable] so that these entries aren't lost and preserved as audit history.

Thank you.

[itamarhaber]

Hello @nadirdbit

Thanks for making the feature request. I'm afraid that changing the API will break compatibility, but adding the absolute timestamp can be considered. However, I'm not sure where you got the above quote from, can you provide the context?

[nadirdbit]

Hi Itamar/Team, This quote was obtained from training session RU330. Thank you. Nadir

…

On Wed, Aug 26, 2020 at 10:21 AM Itamar Haber ***@***.***> wrote: Hello @nadirdbit <https://github.com/nadirdbit> Thanks for making the feature request. I'm afraid that changing the API will break compatibility, but adding the absolute timestamp can be considered. However, I'm not sure where you got the above quote from, can you provide the context? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#7711 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AP5GFC6PPFVPOPP6YERDETLSCUSAJANCNFSM4QLHMVUA> .

[madolson]

@nadirdbit From an audit perspective, would you be interested in logging every single entry into the log instead of trying to group them together?

[nadirdbit]

Hi Madelyn/All, It will likely be best for all failures to be logged - to minimize log flooding, user account should get locked after a customizable 'n' such consecutive failures and after user account locked, further failures can be suppressed. Once user account is unlocked, any recurrent failures going forward should continue to be logged. A grouping by user account for requisite timeframe would be helpful via RedisInsight using an appropriate auditor-related role for viewing this failure exception data from acl.log and corresponding archives. Thank you. Nadir

…

On Thu, Aug 27, 2020 at 5:53 PM Madelyn Olson ***@***.***> wrote: @nadirdbit <https://github.com/nadirdbit> From an audit perspective, would you be interested in logging every single entry into the log instead of trying to group them together? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#7711 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AP5GFC7FQWBQMNFUT5CCDQ3SC3PWZANCNFSM4QLHMVUA> .