Description
To reproduce:
1. Start a 5.5.x (possibly affects all 5.x versions) Couchbase Server cluster.
2. Go to Security -> Audit, and add a user under "Ignore Filterable Events From These Users".
3. Use a client to add/edit a document, maybe something like:
   /opt/couchbase/bin/cbworkloadgen -i 1 -b testB -u david -p password
4. Check the audit logs with "cat /opt/couchbase/var/lib/couchbase/logs/audit.log"; you will see the document mutation logged:
   {"timestamp":"2019-04-02T10:15:46.446519Z","peername":"127.0.0.1:37730","sockname":"127.0.0.1:11210","real_userid":{"domain":"memcached","user":"david"},"bucket":"testB","key":"<ud>pymc0</ud>","id":20490,"name":"document modify","description":"Document was modified"}
Seems to be related to how domain is being set in the event payload.
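A way to check a cluster for this behaviour, as an added example (not part of the original report and not Couchbase code): it scans audit.log lines for events whose real_userid.user is on the ignore list and reports the domain carried in each payload. The function names, the hand-supplied ignore list and the second sample event are assumptions; it does not know which event ids are filterable, so each hit still has to be checked against the event id.

```python
import json
from collections import Counter

# Sample input: the first event is the one quoted in the report above;
# the second event and the broken line are constructed for illustration.
SAMPLE_AUDIT_LOG = """\
{"timestamp":"2019-04-02T10:15:46.446519Z","peername":"127.0.0.1:37730","sockname":"127.0.0.1:11210","real_userid":{"domain":"memcached","user":"david"},"bucket":"testB","key":"<ud>pymc0</ud>","id":20490,"name":"document modify","description":"Document was modified"}
{"timestamp":"2019-04-02T10:15:47.000000Z","real_userid":{"domain":"memcached","user":"alice"},"bucket":"testB","key":"<ud>k1</ud>","id":20490,"name":"document modify","description":"Document was modified"}
{"timestamp":"2019-04-02T10:15:48 truncated line
"""


def find_filter_leaks(lines, ignored_users):
    """Return (leaks, skipped): events logged for users on the ignore list.

    Matching is on the user name only, so the domain found in the payload
    is reported as-is and can be compared with the one configured in the UI.
    """
    ignored = set(ignored_users)
    leaks, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # partial write or rotated file; count it, keep going
            continue
        uid = event.get("real_userid") if isinstance(event, dict) else None
        if isinstance(uid, dict) and uid.get("user") in ignored:
            leaks.append({"user": uid["user"], "domain": uid.get("domain"),
                          "id": event.get("id"), "name": event.get("name"),
                          "timestamp": event.get("timestamp")})
    return leaks, skipped


def summarize(leaks):
    """Count leaked events per (user, payload domain, event id)."""
    return Counter((e["user"], e["domain"], e["id"]) for e in leaks)


if __name__ == "__main__":
    found, bad = find_filter_leaks(SAMPLE_AUDIT_LOG.splitlines(), ["david"])
    for key, count in summarize(found).items():
        print(key, count)
    print("unparseable lines:", bad)
```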
Issue Links
- backports to: MB-35534 [BP 5.5.x] [BP 6.0.x] Filterable audit events for filtered (whitelisted) users are still being logged in audit log (Closed)