Include client IP address in audit log #147526
Pinging @elastic/kibana-security (Team:Security)
LGTM for Core changes
LGTM
@gchaps Are you happy with the documentation changes?
LGTM with one minor suggestion.
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
💚 Build Succeeded
This reverts commit a02c7dc.
Reverts #147526

Reverting due to errors when using `FakeRequest`:

```
TypeError: Cannot read properties of undefined (reading 'remoteAddress')
    at KibanaSocket.get remoteAddress [as remoteAddress] (/Users/shahzad-16/elastic/kibana/node_modules/@kbn/core-http-router-server-internal/target_node/src/socket.js:25:24)
    at Object.log (/Users/shahzad-16/elastic/kibana/x-pack/plugins/security/server/audit/audit_service.ts:95:32)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
Terminating process...
 server crashed with status code 1
```
Follow up to #147526 which had to be reverted.

Resolves #127481

## Release notes

Include IP address in audit log

## Testing

1. Start Elasticsearch with trial license: `yarn es snapshot --license trial`
2. Update `kibana.dev.yaml`:

   ```yaml
   xpack.security.audit.enabled: true
   xpack.security.audit.appender:
     type: console
     layout:
       type: json
   ```

3. Observe audit logs in console when interacting with Kibana:

   ```json
   {
     "@timestamp": "2022-12-13T15:50:42.236+00:00",
     "message": "User is requesting [/dev/internal/security/me] endpoint",
     "client": {
       "ip": "127.0.0.1"
     },
     "http": {
       "request": {
         "headers": {
           "x-forwarded-for": "1.1.1.1, 127.0.0.1"
         }
       }
     }
   }
   ```

Note: You will see the `x-forwarded-for` field populated when running Kibana in development mode (`yarn start`) since Kibana runs behind a development proxy.

Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
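An added example, not from this PR or Kibana's code base: one way a log consumer might choose which address to attribute an audit event to, using the `client.ip` and `x-forwarded-for` fields shown above. The trusted proxy list, the function names, and the second and third sample events are assumptions constructed for illustration.

```javascript
// Added example, not Kibana code. Sample events are constructed; the first
// mirrors the audit log entry shown in the PR description.
const SAMPLE_AUDIT_LINES = [
  '{"message":"User is requesting [/dev/internal/security/me] endpoint","client":{"ip":"127.0.0.1"},"http":{"request":{"headers":{"x-forwarded-for":"1.1.1.1, 127.0.0.1"}}}}',
  // Direct connection whose sender supplied its own x-forwarded-for value.
  '{"message":"constructed: direct request","client":{"ip":"203.0.113.7"},"http":{"request":{"headers":{"x-forwarded-for":"10.0.0.5"}}}}',
  // Assumption: an event raised without a socket carries no client.ip.
  '{"message":"constructed: no socket"}',
];

// Hypothetical allow-list: addresses of proxies you operate in front of Kibana.
const TRUSTED_PROXIES = new Set(['127.0.0.1']);

// Splits the recorded x-forwarded-for header into an ordered list of hops.
function forwardedChain(event) {
  const raw = event?.http?.request?.headers?.['x-forwarded-for'];
  const value = Array.isArray(raw) ? raw.join(',') : raw;
  if (typeof value !== 'string') return [];
  return value.split(',').map((s) => s.trim()).filter(Boolean);
}

// Returns { ip, source } for one parsed audit event.
function effectiveClient(event, trusted = TRUSTED_PROXIES) {
  const peer = event?.client?.ip;
  if (typeof peer !== 'string' || peer === '') return { ip: null, source: 'none' };
  // The header is sender-controlled unless the TCP peer is one of our proxies.
  if (!trusted.has(peer)) return { ip: peer, source: 'client.ip' };
  // Walk right to left: each trusted proxy appended the hop it saw.
  const chain = forwardedChain(event);
  for (let i = chain.length - 1; i >= 0; i--) {
    if (!trusted.has(chain[i])) return { ip: chain[i], source: 'x-forwarded-for' };
  }
  // Every hop is a trusted proxy (or the header is absent): keep the peer.
  return { ip: peer, source: 'client.ip' };
}

function resolveAll(lines) {
  return lines.map((line) => effectiveClient(JSON.parse(line)));
}

console.log(resolveAll(SAMPLE_AUDIT_LINES));
```

The header is consulted only when `client.ip` is on the trusted list, so a value supplied by a directly connected sender never replaces the socket address.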