Currently, operations performed by cluster members using internal authentication are logged with the internal __system user and the IP address of the remote server. It would be an improvement to log the identity of the remote server requesting the operation rather than just its IP address.
For X.509, this is fairly straightforward since a unique name is provided in the client certificate presented by the remote server. We can use the name from the client certificate as a user name in the audit logs.
- duplicates: SERVER-52862 Move logAuthentication hooks to AuthenticationSession (Closed)
- related to: SERVER-53604 Include original aws iam arn in authenticate audit logs (Closed)