Sonarqube Audit logs

We are trying to analyze SonarQube audit logs. I am able to get the audit logs by calling the API. Audit logs contain login information only. Is there a way to get logout information for each user?

Hi,

In our experience, user sessions are more likely to expire than to be logged out of. We focused on the logins.

 
HTH,
Ann

Hi again,

In fact, I was misreading the audit logs I was looking at. It turns out that we log neither login nor logout.

Could you share why you’re interested?

 
Thx,
Ann

I do see login information in the audit logs. We had a security issue recently and want to track login and logout for user information.

Below is the log information we see in the audit log retrieved from the SonarQube API. I removed values that are internal to our organization:
{
  "userLogin": "",
  "createdAt": "2024-08-25T19:00:21-0500",
  "userUuid": "",
  "userTriggered": true,
  "category": "USER_TOKEN",
  "operation": "DELETE",
  "previousValue": {
    "userLogin": "",
    "userUuid": "",
    "tokenName": ""
  }
},

Hi,

Yeah… I thought that at first too. But the important part is not

That’s just the who.

Here’s what actually happened:

It reads better if we rearrange it:

"userLogin": "foo",
"operation": "DELETE",
"category": "USER_TOKEN",

 
Ann

The field createdAt, isn't this the time of login?

"createdAt": "2024-08-25T19:00:21-0500",

Hi,

It’s the time the user took the action in question.

From the answer I got when I asked about this internally:

…audit logs are meant to track changes. So we do track account updates, token creations, permission changes, etc. Login/out events are not changes per se so if the question arose back then, I guess that was the explanation to not track them.

Login events are outputted in web.log in DEBUG mode, and last connection date is also updated (at least once an hour). This is nothing as usable as audit logs but just to list what we have.

Again, would you mind sharing why you want / need to track login and logout?

 
Thx,
Ann

OK. Is there an API available for the web log that has login and logout information?

For your question “would you mind sharing why you want / need to track login and logout?”,
answer is “We had a security issue recently and want to track login and logout for user information.”.

Hi,

There’s no API for that. You’ll need file system access. The logs are in $SONARQUBE-HOME/logs.

 
HTH,
Ann

Hi again,

It turns out I was wrong (again!). There apparently is an API: api/system/logs.

 
Ann

Thanks. I will check it out.

I tried looking up the access and web logs, but I did not find any relevant information about users in the logs. Please suggest if I am missing something.

/api/system/logs?process=web

/api/system/logs?process=access

Hi,

Default logging mode is INFO, so you’re not likely to be able to pull this retroactively. You would need to bump the log level up to be able to pull this info in the future. But be aware that there’s no way to set the level for logs individually, so you’ll set them all to DEBUG, and in DEBUG mode, they get big, fast.

 
HTH,
Ann

Makes sense. Thanks.

Hi again,

I… keep being wrong on this topic. If you adjust the log level via the UI (Administration → System) then you set all logs at once. But I was just looking through $SONARQUBE-HOME/conf/sonar.properties and was reminded that at that level, you can set the logging levels individually:

# Level of logs of each process can be controlled individually with their respective properties.
# When specified, they overwrite the level defined at global level.
# Supported values are INFO, DEBUG and TRACE
#sonar.log.level.app=INFO
#sonar.log.level.web=INFO
#sonar.log.level.ce=INFO
#sonar.log.level.es=INFO

Note that this requires file system access and a restart to kick in.

 
HTH,
Ann
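
The thread establishes that an audit record's top-level userLogin is the actor, createdAt is when the change was made, and previousValue describes what was changed. The following is an added example, not code from the thread or from SonarQube: it turns records of that shape into a per-actor change timeline for an incident window and marks changes made to another user's object. The function name change_timeline and all sample values are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%S%z"  # matches "2024-08-25T19:00:21-0500"

# Constructed records shaped like the entry quoted in the thread (placeholder values).
SAMPLE_RECORDS = [
    {"userLogin": "alice", "createdAt": "2024-08-25T19:00:21-0500", "userUuid": "u-1",
     "userTriggered": True, "category": "USER_TOKEN", "operation": "DELETE",
     "previousValue": {"userLogin": "alice", "userUuid": "u-1", "tokenName": "ci"}},
    {"userLogin": "admin", "createdAt": "2024-08-25T18:30:00-0500", "userUuid": "u-0",
     "userTriggered": True, "category": "USER_TOKEN", "operation": "DELETE",
     "previousValue": {"userLogin": "bob", "userUuid": "u-2", "tokenName": "old"}},
    # Outside the window used below, so it must be filtered out.
    {"userLogin": "bob", "createdAt": "2024-08-20T09:00:00-0500", "userUuid": "u-2",
     "userTriggered": True, "category": "USER_TOKEN", "operation": "DELETE",
     "previousValue": {"userLogin": "bob", "userUuid": "u-2", "tokenName": "tmp"}},
]


def change_timeline(records, start, end):
    """Group change events inside [start, end] by the acting user, oldest first."""
    timeline = defaultdict(list)
    for rec in records:
        # createdAt is the time of the action, not of a login.
        when = datetime.strptime(rec["createdAt"], TS_FORMAT)
        if not (start <= when <= end):
            continue
        # Only the previousValue shape shown in the thread is handled here.
        target = (rec.get("previousValue") or {}).get("userLogin")
        timeline[rec.get("userLogin") or "<unknown>"].append({
            "when": when,
            "event": f'{rec["category"]}/{rec["operation"]}',
            "target": target,
            # True when the actor changed an object belonging to someone else.
            "on_other_user": bool(target) and target != rec.get("userLogin"),
        })
    for events in timeline.values():
        events.sort(key=lambda e: e["when"])
    return dict(timeline)


if __name__ == "__main__":
    window = (datetime.strptime("2024-08-25T00:00:00-0500", TS_FORMAT),
              datetime.strptime("2024-08-26T00:00:00-0500", TS_FORMAT))
    for actor, events in change_timeline(SAMPLE_RECORDS, *window).items():
        for e in events:
            print(actor, e["when"].isoformat(), e["event"], e["target"], e["on_other_user"])
```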