Hey folks!
I’m trying to get the username and email in Boundary audit logs in cleartext, but I have had no success so far.
The manual says we need to apply the following config for the sink :
audit_config {
audit_filter_overrides {
sensitive = ""
}
But when I set this audit_filter_overrides, the wanted fields just disappear from the logfile.
And when I set sensitive to “encrypt” or “hmac-sha256” or “redact”, these fields appear in the logfile in encrypted, HMAC or [REDACTED] form.
So please advise me how to get the username and email in cleartext in the logs. Otherwise there is not much sense in them, because the main purpose of audit logs is to get info about who did what and when.
the boundary version is 0.14.1
The whole config of the events is the following:
# Boundary event configuration: audit and observation events are enabled,
# system events are disabled, and three file sinks write under /var/log/boundary.
events {
audit_enabled = true
observations_enabled = true
sysevents_enabled = false
# Sink 1: audit events for session authorization, written to sessions.log.
sink {
name = "session-sink"
description = "Authorize session requests and services sent to a file"
event_types = ["audit"]
format = "cloudevents-json"
# Filters select on the request path and the request method.
# NOTE(review): presumably an event is kept when any one filter matches - confirm.
allow_filters = [
"\"/data/request_info/path\" contains \":authorize-session\"",
"\"/data/request_info/method\" contains \"SessionService\"",
]
file {
path = "/var/log/boundary"
file_name = "sessions.log"
}
# Overrides the filter operation for the "sensitive" classification only;
# no override is given for any other classification in this block.
# NOTE(review): the empty string is intended to leave sensitive-classified
# fields (username, email) unfiltered - confirm the running version accepts it.
# If cleartext output is achieved, this file holds user identifiers: restrict
# read access to /var/log/boundary and to any system the log is shipped to.
audit_config {
audit_filter_overrides {
sensitive = ""
}
}
}
# Sink 2: observation events for authentication requests, written to auth.log.
sink {
name = "auth-sink"
description = "Authentications sent to a file"
event_types = ["observation"]
format = "cloudevents-json"
allow_filters = [
"\"/data/request_info/path\" contains \":authenticate\""
]
file {
path = "/var/log/boundary"
file_name = "auth.log"
}
# NOTE(review): this sink receives observation events only; audit_config
# presumably applies to audit events, so this block may have no effect here - confirm.
audit_config {
audit_filter_overrides {
sensitive = ""
}
}
}
# Sink 3: all audit events (no allow_filters), written to controller.log.
sink {
name = "controller-audit-sink"
description = "Audit sent to a file"
event_types = ["audit"]
format = "cloudevents-json"
file {
path = "/var/log/boundary"
file_name = "controller.log"
}
# Same "sensitive" override as on session-sink, applied here to every audit
# event, so the access-control caveat for cleartext identifiers matters most
# for this file.
audit_config {
audit_filter_overrides {
sensitive = ""
}
}
}
}