-
Notifications
You must be signed in to change notification settings - Fork 123
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Log authentication and login failures at the info
level, rather than debug
#1377
Comments
1 task
micahlee
added
needs-review/security
needs-review/field
and removed
needs-review/field
labels
Mar 27, 2020
Blocked by #1464 |
3 tasks
orenbm
changed the title
Log authentication and login failures at the
Log authentication and login failures at the Jun 29, 2020
warn
level, rather than debug
info
level, rather than debug
Unblocked by #1464 as we found no issue in logging these messages in INFO level |
2 tasks
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The generic
401
error response from authenticators (specificallyauthn-k8s
) can have a variety of root causes, some of them not directly related to the authentication credentials themselves, but rather issues with the authenticator configuration.Currently the way to gather more information for a authentication failures is to increase the log level for Conjur to
debug
. However, this also turns on logging of all database queries, and because the rotator process executes a SQL query every second for pending rotations, this makes it very difficult to find the information you're looking for.The proposal to improve this experience is to log authentication failures at the
info
log level, rather thandebug
.The text was updated successfully, but these errors were encountered: