Details
Description
Build 5.5.0-1944.
Setup:
- 1-node cluster
- 1 bucket
- Audit is enabled for all events
After performing the following operations:
- Enabling audit
- Connecting using invalid user name
- Connecting using valid user name
- Inserting, reading, updating documents
- Enabling bucket flush feature
- Flushing the bucket
I see only 4 audit events:
# jq '.' audit.log
|
{
|
"timestamp": "2018-02-20T14:29:40.177296-08:00",
|
"real_userid": {
|
"source": "internal",
|
"user": "couchbase"
|
},
|
"auditd_enabled": true,
|
"descriptors_path": "/opt/couchbase/etc/security",
|
"hostname": "172-23-133-13",
|
"log_path": "/opt/couchbase/var/lib/couchbase/logs",
|
"rotate_interval": 86400,
|
"version": 2,
|
"uuid": "19611918",
|
"id": 4096,
|
"name": "configured audit daemon",
|
"description": "loaded configuration file for audit daemon"
|
}
|
{
|
"timestamp": "2018-02-20T14:30:35.288667-08:00",
|
"peername": "172.23.133.10:59122",
|
"sockname": "172.23.133.13:11210",
|
"real_userid": {
|
"source": "memcached",
|
"user": "bucket-1"
|
},
|
"reason": "Unknown user",
|
"id": 20481,
|
"name": "authentication failed",
|
"description": "Authentication to the cluster failed"
|
}
|
{
|
"props": {
|
"compression_mode": "off",
|
"max_ttl": 0,
|
"storage_mode": "couchstore",
|
"eviction_policy": "value_only",
|
"num_threads": 3,
|
"flush_enabled": true,
|
"purge_interval": "undefined",
|
"ram_quota": 40359690240,
|
"num_replicas": 1
|
},
|
"type": "membase",
|
"bucket_name": "bucket",
|
"real_userid": {
|
"source": "ns_server",
|
"user": "Administrator"
|
},
|
"sessionid": "288ab628027e1513ed111dc6a786a12e",
|
"remote": {
|
"ip": "10.17.5.113",
|
"port": 58340
|
},
|
"timestamp": "2018-02-20T14:39:15.393-08:00",
|
"id": 8202,
|
"name": "modify bucket",
|
"description": "Bucket was modified"
|
}
|
{
|
"bucket_name": "bucket",
|
"real_userid": {
|
"source": "ns_server",
|
"user": "Administrator"
|
},
|
"sessionid": "fecec6605eec2a727e2f0f263d6354f2",
|
"remote": {
|
"ip": "10.17.5.113",
|
"port": 58348
|
},
|
"timestamp": "2018-02-20T14:39:23.196-08:00",
|
"id": 8204,
|
"name": "flush bucket",
|
"description": "Bucket was flushed"
|
}
|
> curl -s http://Administrator:password@172.23.133.13:8091/settings/audit | jq '.'
|
{
|
"disabled": [],
|
"uid": "19611918",
|
"auditdEnabled": true,
|
"disabledUsers": [],
|
"logPath": "/opt/couchbase/var/lib/couchbase/logs",
|
"rotateInterval": 86400,
|
"rotateSize": 20971520
|
}
|