Security event logging

SonarQube01 · December 5, 2023, 7:11am

Version of SonarQube: Developer Edition 9.9.1 (build 69595)
SonarQube deployement method: Docker
Aim: I would like to log the following events:

authorization errors (ex. permission denied to Administration section)
All Administration actions

What has been done so far: The following configuration has been implemented:
sonar.forceAuthentication=true
sonar.log.level=INFO
sonar.security.realm=LDAP
sonar.web.accessLogs.pattern=%h %l %u [%t] “%r” %s %b “%i{Referer}” “%i{User-Agent}” “%reqAttribute{ID}” “%reqAttribute{LOGIN}”
sonar.log.level.app=TRACE
sonar.log.level.web=TRACE
sonar.log.level.ce=TRACE
sonar.log.level.es=TRACE
audit.globalSettings.permission=yes
audit.users=yes
audit.groups=yes

Thanks in advance for your help.

Colin · December 7, 2023, 9:07am

Hey there.

Rather than parsing access.log entries (which you can, but it will be painful), Audit Logs are available in the Enterprise Edition of SonarQube and above.