Appendix A. Audit log | Enterprise

Version:

latest
Tarantool
Check out the new release policy
Appendixes Appendix A. Audit log

Appendix A. Audit log

Audit log provides records on the Tarantool DBMS events in the JSON-format. The following event logs are available:

  • successful/failed user authentication and authorization,
  • closed connection,
  • password change,
  • creation/deletion of a user/role,
  • enabling/disabling a user,
  • changing privileges of a user/role.

Log structure

Key Type Description Example
type string type of event
<“access_denied”>
type_id number id of event
<8>
description string description of event
<“Authentication failed”>
time string time of event
<“YYYY-MM-DDTHH:MM:SS.03f[+|-]GMT”>
peer string remote client
<“ip:port”>
user string user
<“user”>
param string parameters of event see below

Events description

Event Key Parameters
user authorized successfully auth_ok
{“name”: “user”}
user authorization failed auth_fail
{“name”: “user”}
user logged out or quit the session disconnect  
failed access attempts to secure data (personal records, details, geolocation, etc.) access_denied
{“name”: “obj_name”,
“obj_type“: “space”,
“access_type”: “read”}
creating a user user_create
{“name”: “user”}
dropping a user user_drop
{“name”: “user”}
disabling a user user_disable
{“name”: “user”}
enabling a user user_enable
{“name”: “user”}
granting (changing) privileges (roles, profiles, etc.) for the user user_priv
{“name”: “user”}
“obj_name”: “obj_name”,
“obj_type”: “space”,
“old_priv”: “”,
“new_priv”: “read,write”}
resetting password of the user (the user making changes should be specified) password_change
{“name”: “user”}
creating a role role_create
{“name”: “role”}
granting (changing) privileges for the role role_priv
{“name”: “role”}
“obj_name”: “obj_name”,
“obj_type”: “space”,
“old_priv”: “”,
“new_priv”: “read,write”}