Add additional user actions in Audit events
Description
As part of the Audit events, we need to log important user actions.
We currently track user authentication data as part of GitLab CE.
All new functionality is only available to GitLab EEP.
This is to be recorded when the user does the actions below.
- Add a new email address
- Remove an email address
- Password change
- Forget password
- Failed to login
- Add SSH key
- Grant Oauth access
Additional information to be recorded:
- Timestamp
- IP address
This information is available instance wide, in a new tab in the administration panel, under 'Audit events'.
Example
| Author | Object | Action | Target | IP Address | Date |
|---|---|---|---|---|---|
| Mike Bartlett | mydigitalself | Add email address | mike@hipgeeks.net | 192.168.0.1 | Timestamp |
| Mike Bartlett | mydigitalself | Remove email address | mike@hipgeeks.net | 192.168.0.1 | Timestamp |
| Mike Bartlett | mydigitalself | Change password | 192.168.0.1 | Timestamp | |
| Mike Bartlett | mydigitalself | Ask for password reset | 192.168.0.1 | Timestamp | |
| Mike Bartlett | mydigitalself | Login failed | 192.168.0.1 | Timestamp | |
| Mike Bartlett | mydigitalself | Add SSH key | 192.168.0.1 | Timestamp | |
| Mike Bartlett | mydigitalself | Grant oAuth Access | App Name | 192.168.0.1 | Timestamp |
References
Part of meta issue about logs: https://gitlab.com/gitlab-org/gitlab-ee/issues/579
Activity
mentioned in issue #579
changed milestone to %9.3
assigned to @jameslopez
Additional information to be recorded:
- Timestamp
- IP address
These are already recorded as part of my work on https://gitlab.com/gitlab-org/gitlab-ee/issues/2336
mentioned in merge request !1927 (closed)
mentioned in merge request !2103 (merged)
@mydigitalself is this EE Premium as well? If so, can you please add the label? Thanks!
@jameslopez apologies, it wasn't explicitly stated, but assumed it would be EE Premium as part of the broader issue: https://gitlab.com/gitlab-org/gitlab-ee/issues/579
Was this implemented as EE Premium from a licensing perspective?
@mydigitalself nope :( We'll have to add that logic to the server-wide audit events as well. Sorry, we missed that!
-
@jameslopez thanks! yip, group fail there.
changed milestone to %9.4
mentioned in merge request gitlab-com/www-gitlab-com!5804 (merged)
mentioned in merge request !2232 (merged)
added Deliverable label
changed milestone to %9.5
mentioned in merge request !2587 (merged)
changed milestone to %10.0
-
@jameslopez @DouweM what is the status of this?
@mydigitalself this has been partially implemented.
So far we have done these three bits:
- Failed to login
Additional information to be recorded:
- Timestamp
- IP address
And refactored the code to easily record new events. I'll try to add the rest of events for 10.1.
changed milestone to %10.1
-
@jameslopez was just taking a look at this and noticed this issue is missing EE Premium label, which is on the parent.
Is it a big problem to make these adjustments behind EEP License such that the additional actions are EEP and the basic actions we already have (just authentication afaik).
@mydigitalself that should be fine
@mydigitalself at the moment we have the following license checks:
- If the entity is a project, we check if the license is EES, if not we don't log anything.
- If the entity is not a project, we log everything, regardless of CE/EE or license.
- We only record the full path and the IP address if the license is EEP
This was discussed here - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/2326#note_34951025
Am I right saying that what we need to change is point 2, to:
- For CE or EE with license < EEP, only log auth events. For EEP we log all events.
/cc @to1ne
added In dev label
-
@jameslopez correct!
closed via merge request !2103 (merged)
