[TIP] Explain the different auditing features #12

Open
cudeso opened this issue May 5, 2022 · 6 comments
Labels
tip A new tip

cudeso commented May 5, 2022

Category

Administration

Tags

Add tags for the tip

Tip

Freetext

@cudeso cudeso added the tip A new tip label May 5, 2022
cudeso commented Jun 30, 2022

| Feature (MISP.x) | Purpose | Default (2.4.159) | Comment |
| --- | --- | --- | --- |
| log_user_ips | Log user IPs | Enabled | Auditing |
| log_client_ip | Include client IP in log entries | Enabled | Auditing |
| log_auth | Log API authentications | Disabled | Auditing |
| log_user_ips_authkeys | Log client IP on API request | Enabled | Auditing |
| log_paranoid | Log all page requests | Disabled | Verbose, use for debugging |
| log_paranoid_include_post_body | Include POST body | Disabled | Verbose, use for debugging |
| log_client_ip_header | Store client IP in HTTP header | REMOTE_ADDR | Used by reverse proxies |
| log_new_audit | New audit log system | Disabled | Detailed auditing |

cudeso commented Jun 30, 2022

1

cudeso commented Jun 30, 2022

1

cudeso commented Jun 30, 2022

1

cudeso commented Jun 30, 2022

MISP can log all kinds of useful auditing information. Log client IPs and API authentications, use paranoid logging during debugging and enable log_new_audit to log all user activity details.
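The settings table and tip above, turned into a configuration check. This is an added example, not part of the thread and not MISP's own code. The function names, the flat dict input, and the `behind_proxy` and `debugging` flags are hypothetical, and the proxy check is an assumption about how REMOTE_ADDR behaves behind a reverse proxy.

```python
# Added example: check a MISP settings dict against the table in this thread.
# Assumption: `misp` is the flat "MISP" section of the config as a dict.

# Defaults for 2.4.159 as listed in the table; used when a key is unset.
DEFAULTS = {
    "log_user_ips": True, "log_client_ip": True, "log_auth": False,
    "log_user_ips_authkeys": True, "log_paranoid": False,
    "log_paranoid_include_post_body": False,
    "log_client_ip_header": "REMOTE_ADDR", "log_new_audit": False,
}
# Settings the table and tip associate with auditing.
AUDIT_ON = ("log_user_ips", "log_client_ip", "log_auth",
            "log_user_ips_authkeys", "log_new_audit")
# Verbose settings the table marks "use for debugging".
DEBUG_ONLY = ("log_paranoid", "log_paranoid_include_post_body")


def as_bool(value):
    """Config values may arrive as bools, ints or strings."""
    if isinstance(value, str):
        return value.strip().lower() in ("1", "true", "yes", "on")
    return bool(value)


def effective(misp, key):
    """Configured value, or the table's default when the key is absent."""
    return misp.get(key, DEFAULTS[key])


def audit_findings(misp, behind_proxy=False, debugging=False):
    """Return (setting, message) pairs; an empty list means no findings."""
    findings = []
    for key in AUDIT_ON:
        if not as_bool(effective(misp, key)):
            findings.append((key, "disabled: enable for auditing"))
    for key in DEBUG_ONLY:
        if as_bool(effective(misp, key)) and not debugging:
            findings.append((key, "verbose: disable outside debugging"))
    # Assumption: behind a proxy, REMOTE_ADDR is the proxy's own address.
    if behind_proxy and effective(misp, "log_client_ip_header") == "REMOTE_ADDR":
        findings.append(("log_client_ip_header", "set the proxy's client-IP header"))
    return findings


# Constructed sample config, not taken from a real instance.
SAMPLE = {"log_auth": False, "log_paranoid": "true", "log_new_audit": 0}

if __name__ == "__main__":
    for setting, message in audit_findings(SAMPLE, behind_proxy=True):
        print(f"MISP.{setting}: {message}")
```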

cudeso commented Jul 1, 2022

And as a reminder, don't forget to set 'export HISTTIMEFORMAT="%F %T "' in ~/.bashrc for console history timestamps
