Feature #12464
closed
Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
Added by Steve Wheeler about 3 years ago.
Updated over 1 year ago.
Plus Target Version:
23.05
Description
All authentication logs are sent with the Level set as Emergency even when authentication is successful:
Syslog message: AUTH.EMERG: Oct 16 01:05:04 localhost php-fpm[337]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)\n
0010 0... = Facility: AUTH - security/authorization messages (4)
.... .000 = Level: EMERG - system is unusable (0)
Message: Oct 16 01:05:04 localhost php-fpm[337]: /index.php: Successful login for user 'admin' from: 172.21.16.5 (Local Database)\n
This causes a problem for some syslog collectors that don't expect to see Emergency level messages unless 'system is unusable' is actually true.
It appears that is because we do not set a level to use in the log_auth function. This should probably be set as Level NOTICE.
- Status changed from New to Pull Request Review
The current behavior is intentional since it triggers the login "beep" and console message.
If we change this at all, it should key off the user option to suppress the login messages on system_advanced_admin.php. Instead of suppressing the log message entirely it could just change the level as done in the PR to stop the beeping. Or it could have three choices "Default (enabled)", "Log at lower level", and "Disabled" or something along those lines.
If a syslog server has a problem with certain log levels, that's on the user and their server to fix, not us.
- Target version changed from 2.6.0 to CE-Next
- Plus Target Version changed from 22.01 to 22.05
- Plus Target Version changed from 22.05 to 22.09
- Plus Target Version changed from 22.09 to 22.11
- Plus Target Version changed from 22.11 to 23.01
- Status changed from Pull Request Review to New
- Plus Target Version changed from 23.01 to 23.05
Needs to be re-designed as I suggested; just lowering the log level unilaterally will have other unintended effects.
- Related to Feature #14002: Option to enable/disable console bell, enabled by default added
- Status changed from New to In Progress
- Assignee set to Jim Pingle
- Target version changed from CE-Next to 2.7.0
Now that the console bell behavior is split off from this (See #14002) I think what we should do here is just keep the current option on/off but change the underlying behavior:
Current:
- Checked: no log message
- Unchecked: log message at LOG_AUTH (emergency) level
This is insecure because without the log message there is no log of the event at all, so I think we should do away with the option to completely disable the log message and instead go with:
- Checked: log message at LOG_NOTICE|LOG_AUTH level so the actual level is reduced
- Unchecked: log message at LOG_AUTH level
Between this option and the console bell option it should be able to get any of the desired behaviors but in a more secure manner.
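Why a priority of LOG_AUTH alone decodes as EMERG while LOG_NOTICE|LOG_AUTH decodes as NOTICE, as an added Python example for the collector side (not pfSense code and not part of this ticket). The function names, the action labels and the <PRI> prefix on the sample frames are assumptions made for illustration; the message text is the one quoted in the description.

```python
import re

# Standard syslog numbering: PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 10: "authpriv"}

# Numeric values of the syslog constants named in the ticket.
LOG_AUTH = 4 << 3   # facility bits only; the three severity bits stay 0 (emerg)
LOG_NOTICE = 5

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(pri):
    """Split a PRI value into (facility name, severity name)."""
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, str(facility)), SEVERITIES[severity]

def classify(frame):
    """Return (facility, severity, action) for one raw frame, or None if malformed."""
    m = PRI_RE.match(frame)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = decode_pri(int(m.group(1)))
    body = frame[m.end():]
    # Assumed collector rule: a successful GUI login at auth.emerg is the
    # logging default described in the ticket, not an outage. The event is
    # kept (never dropped) but is not treated as "system is unusable".
    if facility == "auth" and severity == "emerg" and "Successful login for user" in body:
        return facility, severity, "store-as-notice"
    return facility, severity, ("page" if severity == "emerg" else "store")

# Constructed frames: message text from the ticket, PRI prefix rebuilt here.
MSG = ("Oct 16 01:05:04 localhost php-fpm[337]: /index.php: Successful login "
       "for user 'admin' from: 172.21.16.5 (Local Database)")
SAMPLES = [f"<{LOG_AUTH}>{MSG}", f"<{LOG_NOTICE | LOG_AUTH}>{MSG}"]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(frame[:4], classify(frame))
```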
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
Tested on 22.05 (built on Fri Apr 07 01:20:44 UTC 2023).
There is 'GUI login messages' option available in /System/Advanced/Admin Access.
After checking this option, Syslog Auth messages were sent as NOTICE Level.
I marked this Bug as resolved.
- Tracker changed from Bug to Feature
- Subject changed from Syslog Auth messages are sent as Emergency Level to Option to control log level of authentication messages in system logs ("Emergency" vs "Notice" level)
- Affected Version deleted (All)
- Affected Architecture deleted (All)
Updating subject for release notes.