Security events

rjhansen's Avatar

rjhansen

12 Jan, 2018 05:26 PM

We work in a secure environment and want to be able to capture login failure events to a log (event viewer, log file, or other). The web page on Auditing specifies that Octopus is not tooled to capture these event types out-of-the-box. Can you folks offer some guidance on how we can go about getting this data? We're open to building tools (such as a script) that work alongside Octopus to gather this data but are not sure how to even access these events. Thanks.

https://octopus.com/docs/administration/auditing

  1. Support Staff 1 Posted by Michael Noonan on 15 Jan, 2018 04:34 AM

    Michael Noonan's Avatar

    Hi!

    Thanks for getting in touch! You are correct, we don't currently write any events to the audit log about authentication attempts/success/failure. We do write a warning message to the Octopus Server logs, but those are intended to be more informational.

    I have talked with other members of our team, and we've decided to raise this GitHub issue to address what we feel is the most important event: https://github.com/OctopusDeploy/Issues/issues/4163

    Does this sound like it will suit your needs?

    Hope that helps!
    Mike

  2. 2 Posted by rjhansen on 17 Jan, 2018 07:27 PM

    rjhansen's Avatar

    That is better than not logging login failures at all but it's not preferred. Is there any reason they can't be logged to the audit log like other activities?

  3. Support Staff 3 Posted by Michael Noonan on 29 Jan, 2018 10:33 PM

    Michael Noonan's Avatar

    Hi!

    At this point, the Audit Log in Octopus is all about recording successful actions which mutate the state of your world due to actions by authorized users. This would be the first set of events we'd start writing for anonymous users, and my concern about that is the potential impact of any anonymous user causing harm.

    At this point in time we feel like we are taking a good, if conservative, approach to the problem, and see where we decide to go from there.

    I'd be interested to understand if there is anything specific you would need beyond what we are planning to provide. :)

    Hope that helps!
    Mike

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac