SQ server audit logging?

SonarQube Server / Community Build
1

Hi, we’re evaluating SonarQube 7.9.1 CE (for the time-being). One of our requirements is audit logging (roughly who did what and when). Out of the box, I am seeing no such audit logging capability. For the most simple example, I can login to the web UI and there is nothing in the logs matching my username (jblaine).

[m26560@etc-sonarqube-dev logs]$ grep -i jblaine *
[m26560@etc-sonarqube-dev logs]$

I saw nothing in the “Administering an Instance” docs, the forums, or the FAQ about audit logging.

I already set sonar.web.accessLogs.enable=true in sonar.properties but there is no user attribution in the log lines:

172.31.135.179 - - [13/Aug/2019:16:07:56 -0400] "POST /api/authentication/login HTTP/1.1" 200 ...etc...

Does anyone have any idea?
Jeff

2

Hi Jeff :wave:

There are some good insights in this suggestion thread:

Notably, sonar.web.accessLogs.pattern in your sonar.properties (make sure to check-out reqAttribute{LOGIN} , mentioned in the comment of that property).

3

I am not sure how I missed the mention of %reqAttribute{LOGIN} in the sonar.properties :sleeping:. Thanks, Nicolas.

4

Hi Jeff. Did you check? Did %reqAttribute{LOGIN} work for you? It’s still showing “-” for me.

5

I know it’s a very late response, but if someone reading this thread is having the same issue of @Arlington1985 try to log out and log in again after having restarted the SonarQube server.

6

@Arlington1985, yes it worked for me.