Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log authentication and login failures at the info level, rather than debug #1377

Closed
micahlee opened this issue Feb 28, 2020 · 2 comments · Fixed by #1657
Closed

Log authentication and login failures at the info level, rather than debug #1377

micahlee opened this issue Feb 28, 2020 · 2 comments · Fixed by #1657
Assignees
@micahlee @orenbm
Labels
kind/enhancement needs-review/security
Milestone
PalmTree - sprint...

Comments

@micahlee
Copy link
Contributor

micahlee commented Feb 28, 2020
edited by orenbm
Loading

The generic 401 error response from authenticators (specifically authn-k8s) can have a variety of root causes, some of them not directly related to the authentication credentials themselves, but rather issues with the authenticator configuration.

Currently the way to gather more information for a authentication failures is to increase the log level for Conjur to debug. However, this also turns on logging of all database queries, and because the rotator process executes a SQL query every second for pending rotations, this makes it very difficult to find the information you're looking for.

The proposal to improve this experience is to log authentication failures at the info log level, rather than debug.
@micahlee micahlee self-assigned this Feb 28, 2020
@micahlee micahlee mentioned this issue Feb 28, 2020
Closed
1 task
@micahlee micahlee mentioned this issue Mar 31, 2020
Closed
@micahlee
Copy link
Contributor Author

Blocked by #1464

@micahlee micahlee mentioned this issue May 11, 2020
Closed
@orenbm orenbm mentioned this issue May 12, 2020
Closed
3 tasks
@micahlee micahlee mentioned this issue May 19, 2020
Closed
@orenbm orenbm changed the title Log authentication and login failures at the warn level, rather than debug Log authentication and login failures at the info level, rather than debug Jun 29, 2020
@orenbm
Copy link
Member

orenbm commented Jun 29, 2020

Unblocked by #1464 as we found no issue in logging these messages in INFO level

@orenbm orenbm mentioned this issue Jun 29, 2020
Merged
2 tasks
@orenbm orenbm linked a pull request Jun 29, 2020 that will close this issue
Log authentication and login errors in info #1657
Merged
2 tasks
@orenbm orenbm self-assigned this Jun 29, 2020
@orenbm orenbm added this to the PalmTree - sprint 2014 milestone Jun 29, 2020
@InbalZilberman InbalZilberman mentioned this issue Jan 26, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@micahlee micahlee

@orenbm orenbm

Labels
kind/enhancement needs-review/security
Milestone
PalmTree - sprint 2014
Development

Successfully merging a pull request may close this issue.

Log authentication and login errors in info cyberark/conjur
2 participants
@micahlee @orenbm