HI,
I have a question on the way 4.0.12 up to neo4j 4.2 (versions) audits LOGIN actions.
I am using 4.0.12 version, when I login ( remote/local login ) using cypher-shell client and I check the 2 log files
- In the query.log I get this 2 log lines, but there is no information here that can indicate that I did a login. I see only the CALL db.ping() action, but this action can be run even when the user is already login to the database so it does not help.
log line from 4.0.12
2022-01-13 23:48:28.970+0000 INFO Query started: id:7 - 0 ms: bolt-session bolt neo4j-cypher-shell/v4.4.3 client/127.0.0.1:57806 server/127.0.0.1:7687> neo4j - MY_USER - CALL db.ping() - {} - {}
2022-01-13 23:48:28.972+0000 INFO id:7 - 1 ms: bolt-session bolt neo4j-cypher-shell/v4.4.3 client/127.0.0.1:57806 server/127.0.0.1:7687> neo4j - MY_USER - CALL db.ping() - {} - {}
I know that in the previous versions when I did a LOGIN I would get 2 log lines with RETURN 1, that I could use to identify that it is a success login example :
2022-01-11T01:27:12.983561+00:00 2022-01-11 01: 27:06.914+0000 INFO Query started: id:466 - 0 ms: (planning: 0, waiting: 0) - 0 page hits, 0 page faults - bolt-session#011bolt#011neo4j-cypher-shell/v4.2.2#011#011client/MY_IP:40984#011server/SERVER_IP:7687>#011neo4j - MY_USER- RETURN 1 - {} - {}
2022-01-11T01:27:12.983561+00:00 2022-01-11 01: 27:06.915+0000 INFO id:466 - 0 ms: (planning: 0, waiting: 0) - 0 page hits, 0 page faults - bolt-session#011bolt#011neo4j-cypher-shell/v4.2.2#011#011client/MY_IP:40984#011server/SERVER_IP:7687>#011neo4j - MY_USER- RETURN 1 - {} - {}
- The login is also in the security.log, but here the only information that I get is the database user name . I don't have the: client_ip, server_ip, application program, network protocol
Could this information be added here in the 'security.log" ?
example of current log , for a login action
2022-01-13 23:48:28.886+0000 INFO [my_user]: logged in
2022-01-13 23:48:28.966+0000 INFO [my_user]: logged in