Failure recorded in age-seconds - believe age-timestamp will be more helpful from an audit perspective

The ACL log is stored in memory, in Redis itself. By default, the log stores 128 entries, but this is configurable. Instead of getting overwritten in a circular manner, it could be persisted on disk every 'n' seconds [configurable] so that these entries aren't lost and are preserved as audit history.

Thank you.

Comment From: itamarhaber

Hello @nadirdbit

Thanks for making the feature request. I'm afraid that changing the API will break compatibility, but adding the absolute timestamp can be considered. However, I'm not sure where you got the above quote from, can you provide the context?

Comment From: nadirdbit

Hi Itamar/Team,

This quote was obtained from training session RU330.

Thank you.

Nadir

Comment From: madolson

@nadirdbit From an audit perspective, would you be interested in logging every single entry into the log instead of trying to group them together?

Comment From: nadirdbit

Hi Madelyn/All,

It will likely be best for all failures to be logged - to minimize log flooding, the user account should get locked after a customizable 'n' such consecutive failures, and after the user account is locked, further failures can be suppressed. Once the user account is unlocked, any recurrent failures going forward should continue to be logged.

A grouping by user account for the requisite timeframe would be helpful via RedisInsight using an appropriate auditor-related role for viewing this failure exception data from acl.log and corresponding archives.

Thank you.

Nadir

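The two requests in this thread (an absolute timestamp instead of age-seconds, and an on-disk history of entries) can be approximated by an external poller. The following is an added example, not code from the thread or from Redis; it assumes the ACL LOG reply has already been parsed into dicts with the Redis 6 field names, and the function names and sample entries are constructed.

```python
import json
from datetime import datetime, timezone

# Fields that identify one ACL LOG entry (names as returned by Redis 6).
KEY_FIELDS = ("username", "reason", "context", "object", "client-info")

def to_audit_records(entries, poll_time, last_seen, tolerance=1.0):
    """Convert one ACL LOG reply (list of dicts) into records with absolute
    UTC timestamps. `poll_time` is the Unix time the reply was read;
    `last_seen` maps entry key -> event time and is carried between polls."""
    records = []
    for e in entries:
        key = tuple(str(e.get(f, "")) for f in KEY_FIELDS)
        event_time = poll_time - float(e["age-seconds"])
        prev = last_seen.get(key)
        if prev is not None and event_time - prev < tolerance:
            continue  # already archived on an earlier poll
        last_seen[key] = event_time
        rec = {f: str(e.get(f, "")) for f in KEY_FIELDS}
        rec["count"] = int(e.get("count", 1))
        rec["timestamp"] = datetime.fromtimestamp(
            event_time, tz=timezone.utc).isoformat(timespec="seconds")
        records.append(rec)
    return records

def append_jsonl(records, path):
    """Append records to an on-disk JSON Lines archive; returns lines written."""
    with open(path, "a", encoding="utf-8") as fh:
        for rec in records:
            fh.write(json.dumps(rec, sort_keys=True) + "\n")
    return len(records)

# Constructed sample replies (not real log data): two polls, 60 seconds apart.
ALICE = {"count": 1, "reason": "auth", "context": "toplevel", "object": "AUTH",
         "username": "alice", "client-info": "id=7 addr=192.0.2.10:50512"}
POLL_1 = [dict(ALICE, **{"age-seconds": "30.0"})]
POLL_2 = [dict(ALICE, **{"age-seconds": "90.0"}),
          dict(ALICE, username="bob", **{"age-seconds": "5.0"})]

if __name__ == "__main__":
    seen = {}
    for reply, t in ((POLL_1, 1598436000), (POLL_2, 1598436060)):
        for rec in to_audit_records(reply, t, seen):
            print(json.dumps(rec, sort_keys=True))
```

The poll interval has to be short enough that fewer than the configured maximum number of entries (128 by default) accumulate between polls, otherwise entries are overwritten before they reach the archive.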