We’re currently enjoying working with a SonarQube instance to perform our source code analysis. However, we have a strict company policy concerning information security events that ought to be gathered for all our systems, including SonarQube. It dictates that every such event should be properly logged and ought to include the following information: the action that was performed (e.g. a user was added to a group), the user who performed this action (e.g. who added the abovementioned user to that group), the IP address from where the action was performed, the results of the action if they were different from the description of the action itself, the time when it was done, as well as the object that was tampered with (e.g. what user was added to what group).
Unfortunately, we discovered that our current log file does not meet the requirements stated by the company policy, a fact that may have severe ramifications in terms of maintaining all items in our software inventory list.
How can we add this information to any of the SonarQube log files?
I also include an example of a log file that we have now.
195.26.180.43 - - [20/Nov/2020:17:23:24 +0300] "POST /sonar/api/user_groups/delete HTTP/1.1" 204 - "http://172.29.39.63:9000/sonar/admin/groups" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0" "AXXmBDHhUSMRG7ZZAAAu"
195.26.180.43 - - [20/Nov/2020:17:22:59 +0300] "POST /sonar/api/user_groups/create HTTP/1.1" 200 - "http://172.29.39.63:9000/sonar/admin/groups" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0" "AXXmBDHhUSMRG7ZZAAAt"
The log files we used:
/var/log/sonar/access.log;
/var/log/sonar/web.log.
SonarQube version: Enterprise Edition 8.4.2
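As an added example (not part of the original post or of SonarQube itself), the script below parses access.log lines of the shape shown above, maps each one onto the six fields the company policy requires, and reports which fields that log cannot supply. It assumes the column layout is exactly the one visible in the quoted lines (client IP, ident, remote user, time, request, status, bytes, referer, user agent, request id), derives the action from the API path and the result from the HTTP status class; those mappings are the author's choice, not a SonarQube convention.

```python
import re
from datetime import datetime

# Constructed sample, in the shape of the two access.log entries quoted in the post
# (IPs, paths and request ids are the ones the post shows; user agent shortened).
SAMPLE_LOG = """\
195.26.180.43 - - [20/Nov/2020:17:23:24 +0300] "POST /sonar/api/user_groups/delete HTTP/1.1" 204 - "http://172.29.39.63:9000/sonar/admin/groups" "Mozilla/5.0 Firefox/83.0" "AXXmBDHhUSMRG7ZZAAAu"
195.26.180.43 - - [20/Nov/2020:17:22:59 +0300] "POST /sonar/api/user_groups/create HTTP/1.1" 200 - "http://172.29.39.63:9000/sonar/admin/groups" "Mozilla/5.0 Firefox/83.0" "AXXmBDHhUSMRG7ZZAAAt"
"""

# Assumed column layout (matches the lines above): client ip, ident, remote user,
# [time], "request", status, bytes, "referer", "user-agent", "request id".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<reqid>[^"]*)"$'
)

# The fields the company policy in the post demands for every security event.
POLICY_FIELDS = ("action", "actor", "source_ip", "result", "time", "object")


def audit_record(line):
    """Map one access.log line onto the policy fields; None marks a field the log cannot supply."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("line does not match the expected access.log layout")
    path = m["path"].split("?")[0]
    api = re.search(r"/api/(.+)$", path)
    status = int(m["status"])
    return {
        # e.g. /sonar/api/user_groups/delete -> "user_groups.delete"
        "action": api.group(1).replace("/", ".") if api else None,
        # the remote-user column is "-" in these lines: the actor is not recorded
        "actor": None if m["user"] == "-" else m["user"],
        "source_ip": m["ip"],
        "result": "success" if 200 <= status < 300 else "failure",
        "time": datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z"),
        # the affected group/user travels in the POST body, which an access log never records
        "object": None,
        "request_id": m["reqid"],
    }


def missing_policy_fields(record):
    """Return the policy fields this record cannot satisfy, in policy order."""
    return [f for f in POLICY_FIELDS if record.get(f) is None]
```

Running `missing_policy_fields(audit_record(line))` over the sample yields `['actor', 'object']` for both entries, which is the gap between the access log and the policy; the request id is kept so a record can be correlated with web.log.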