Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61919

Audit trail plugin shows anonymous user logged out

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Minor Minor
    • audit-trail-plugin
    • None
    • Jenkins 2.222.1 LTS
      Audit trail plugin - 3.3

      I have audit trail plugin configured in Jenkins installation. I noticed that since last few days the audit log entries shows entries for "anonymous" user logging out.

      This is strange because anonymous access is disabled already, Jenkins is connected to Active Directory. Second, there are no entries for "anonymous" user logging-in. It just shows a log out entry.

      Any clues as to what is happening ?

        1. Splunk Anonymous entry.png
          Splunk Anonymous entry.png
          19 kB

          [JENKINS-61919] Audit trail plugin shows anonymous user logged out

          Pierre Beitz added a comment -

          ankurja Could you please share:

          • a sample of the entry you see
          • the pattern you use

          Pierre Beitz added a comment - ankurja Could you please share: a sample of the entry you see the pattern you use

          Ankur added a comment -

          I am forwarding all logs to Splunk. Here is how it shows up there:

          Ankur added a comment - I am forwarding all logs to Splunk. Here is how it shows up there:

          Pierre Beitz added a comment -

          ankurja are you sure those logs are coming from the audit trail plugin? I would expect the plugin to log an url (path), I don't think "logged out" is an output coming from the audit trail plugin.

           

          • Do you have evidence showing that those are logs coming from the Audit Trail plugin? 
          • Splunk is not natively supported by the plugin, could you please check the logs generated by the Audit Trail plugin and look for "logged out"? Maybe there is a transformation at Splunk level?

           

          Other hypothesis I have is that you are in fact looking at logs generated by Jenkins itself, namely this one: https://github.com/jenkinsci/jenkins/blob/fdb6faed00ef73c98e2f69c133d8c9a87a0ca9b0/core/src/main/java/jenkins/security/SecurityListener.java#L143

          Pierre Beitz added a comment - ankurja  are you sure those logs are coming from the audit trail plugin? I would expect the plugin to log an url (path), I don't think "logged out" is an output coming from the audit trail plugin.   Do you have evidence showing that those are logs coming from the Audit Trail plugin?  Splunk is not natively supported by the plugin, could you please check the logs generated by the Audit Trail plugin and look for "logged out"? Maybe there is a transformation at Splunk level?   Other hypothesis I have is that you are in fact looking at logs generated by Jenkins itself, namely this one:  https://github.com/jenkinsci/jenkins/blob/fdb6faed00ef73c98e2f69c133d8c9a87a0ca9b0/core/src/main/java/jenkins/security/SecurityListener.java#L143

          Ankur added a comment -

          I also did further investigation into this and it does not look like the messages are originating from Audit Trail plugin. Splunk was putting the messages under "Audit Trail" section, which led me to believe earlier that audit trail plugin is sending that data. But that's not the case.

          I will have to do further investigation on the source of those messages, and will also look at the link you shared.

          Can you close this issue or should I be doing it ?

          Ankur added a comment - I also did further investigation into this and it does not look like the messages are originating from Audit Trail plugin. Splunk was putting the messages under "Audit Trail" section, which led me to believe earlier that audit trail plugin is sending that data. But that's not the case. I will have to do further investigation on the source of those messages, and will also look at the link you shared. Can you close this issue or should I be doing it ?

          Pierre Beitz added a comment -

          ankurja thanks for the feedback. Closing.

          Pierre Beitz added a comment - ankurja thanks for the feedback. Closing.

            pierrebtz Pierre Beitz
            ankurja Ankur
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: