What do I see?
When using a Redis server with authentication enabled (either via the global setting or ACLs), no event is logged for either a successful or failed authentication attempt. Altering the loglevel does not affect the outcome.
What do I expect to see?
I would expect authentication events to be logged for loglevel notice and higher.
Environment
Ubuntu bionic. Latest Redis, built from source.
Background
Redis is now seen as a standard enterprise tool, and many enterprises are in regulated industries. Access control and audit trail are generally essential requirements of regulation.
Additionally, through using a third-party tool like fail2ban, audit trails like this can be used to throttle or block repeated failures.
Comment From: hwware
Hello, for failed auth attempts you can get the history by using the ACL LOG command (https://redis.io/commands/acl-log). For successful auth requests I don't think there is currently a way to get it; maybe @antirez @itamarhaber have some thoughts on this?
Comment From: antirez
Hello, not sure what's the point about getting information about successful auth requests. Would be a huge flood in the log.
Comment From: theDogOfPavlov
Maybe make it selectable: success in debug loglevel, fails in verbose and above?
It's good that it's already captured in the ACL LOG command: should be easy to push it out to the log file, no? ;)
Comment From: theDogOfPavlov
Capturing the audit success is an important security control for incident response. If user bob always logs in from one source address, then logs in randomly from another, then it's something interesting to investigate etc.
It's the kind of thing that gets pushed into SIEM platforms for automatic analysis.
Comment From: lifeofguenter
This should be configurable. Not only for auditing reasons but also for firewall automation (fail2ban). MySQL does this through log-levels: https://serverfault.com/questions/65255/log-mysql-login-attempts
Comment From: dandlcleaning
Agreed. I would appreciate utilizing fail2ban.
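One way to get the ACL LOG entries mentioned in the thread into a log file that fail2ban or a SIEM can read, as an added example that is not part of the original thread or of Redis itself. It assumes the entries were already fetched with `ACL LOG` in the flat field/value form; the function names, the `redis-acl` tag and the line layout are hypothetical choices, and the sample entries are constructed.

```python
import time

# Constructed sample: two ACL LOG entries in the flat field/value form
# Redis returns over RESP2 (field names as in the ACL LOG documentation).
SAMPLE_ACL_LOG = [
    ["count", 3, "reason", "auth", "context", "toplevel", "object", "AUTH",
     "username", "bob", "age-seconds", "4.2",
     "client-info", "id=7 addr=203.0.113.9:51234 fd=8 name= age=5 cmd=auth"],
    ["count", 1, "reason", "command", "context", "toplevel", "object", "get",
     "username", "alice", "age-seconds", "60.0",
     "client-info", "id=9 addr=[2001:db8::5]:40022 fd=9 name= age=61 cmd=get"],
]

def to_dict(flat):
    """Pair up the alternating field/value items of one ACL LOG entry."""
    return dict(zip(flat[0::2], flat[1::2]))

def client_host(client_info):
    """Return the client IP from the addr= token, without the port."""
    for token in client_info.split():
        if token.startswith("addr="):
            host = token[len("addr="):].rsplit(":", 1)[0]
            return host.strip("[]")  # IPv6 addresses may be bracketed
    return None

def auth_failure_lines(entries, now=None):
    """Format failed-authentication entries as one log line each."""
    now = time.time() if now is None else now
    lines = []
    for entry in map(to_dict, entries):
        if entry.get("reason") != "auth":
            continue  # command/key denials are not login failures
        host = client_host(entry.get("client-info", ""))
        if host is None:
            continue
        when = time.strftime("%Y-%m-%d %H:%M:%S",
                             time.gmtime(now - float(entry["age-seconds"])))
        # repr() keeps a client-chosen username from injecting extra log lines
        lines.append(f"{when} redis-acl: AUTH failure "
                     f"user={entry['username']!r} host={host} count={entry['count']}")
    return lines

if __name__ == "__main__":
    print("\n".join(auth_failure_lines(SAMPLE_ACL_LOG)))
```

Because ACL LOG aggregates repeated failures into one entry with a `count`, a poller built on this would need to track the last count seen per entry to avoid re-emitting the same failure.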