API: Include IP address when logging request error #21596
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
thedeveloperr
changed the title
marefr
suggested changes
Feb 11, 2020
There was a problem hiding this comment.
@thedeveloperr thanks. Sorry it taken me long time to come back to this one. After consideration I've notice that our router logging middleware (when enabled) includes remote_addr, <ip> why I suggest to revert your change to middleware.go and in addition log IP address on error in common.go:
diff --git a/pkg/api/common.go b/pkg/api/common.go
index 0f81e30..7f87925 100644
--- a/pkg/api/common.go
+++ b/pkg/api/common.go
@@ -47,7 +47,7 @@ func Wrap(action interface{}) macaron.Handler {
func (r *NormalResponse) WriteTo(ctx *m.ReqContext) {
if r.err != nil {
- ctx.Logger.Error(r.errMessage, "error", r.err)
+ ctx.Logger.Error(r.errMessage, "error", r.err, "remote_addr", ctx.RemoteAddr())
}
header := ctx.Resp.Header()
|
So remove changes from middleware.go but add here in common.go ? |
|
Yes, please :) Eager to merge once its been fixed. |
This will provide additional security information on failed login and also help integrate services like Fail2Ban to detect brute force attacks.
thedeveloperr
force-pushed
the
area/backend/logging/add_ip_on_login
branch
from
4ab7b6d
to
5043eab
Compare
marefr
changed the title
|
Thank you for contributing to Grafana! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
This will provide additional security information on failed login
and also help integrate services like Fail2Ban to detect brute
force attacks.
Which issue(s) this PR fixes:
Fixes #21310
Special notes for your reviewer:
In my local dev setup, e2e tests were failing due to some phantomjs installation issue, I create this PR to run tests on circle ci to ensure my changes are not failing any tests. Also this log line didn't fail any backend test so didn't write my own test. Do you need me to write test for this change ?