
Add client IP for audit logs

Open NitroCao opened this issue 2 years ago • 6 comments

Currently, audit logs don't contain the client IP, which isn't enough for a security audit. Can we add it to the audit log?

NitroCao avatar May 12 '23 09:05 NitroCao

Currently, the client IP is not stored in the database, but maybe it can be grabbed from the nginx or core logs.

chlins avatar May 15 '23 00:05 chlins

Currently, the client IP is not stored in the database, but maybe it can be grabbed from the nginx or core logs.

Yeah, Nginx logs contain client IPs, but it's difficult to associate them with the corresponding accounts. I just found related issues:

  • #16423 only records the IPs that failed to log in.
  • #5561 is exactly the same as my issue, and a related proposal, goharbor/community#10, is still open and has not made any progress.

NitroCao avatar May 15 '23 02:05 NitroCao

@chlins I think this is valuable, do you agree to do it? If yes, I can contribute.

lengrongfu avatar May 16 '23 08:05 lengrongfu

Any news on this...

This is important to track security related issues...

I can try and fix this, if you think it's a good first issue.

dioguerra avatar Jun 21 '23 09:06 dioguerra

I agree having IP information is helpful, but it's secure only when it's accurate. I'm no expert in networking, but if the client is using a VPN or is from a different network, getting the source IP may be complicated.

Storing inaccurate information will only have a negative effect on security.

reasonerjt avatar Aug 13 '24 07:08 reasonerjt

I agree having IP information is helpful, but it's secure only when it's accurate. I'm no expert in networking, but if the client is using a VPN or is from a different network, getting the source IP may be complicated.

@reasonerjt It's unnecessary for developers to consider such complicated situations; that's for the security team.

NitroCao avatar Aug 13 '24 08:08 NitroCao

In our case, our cloud customers required the client IP to be recorded in the audit logs. But it is difficult to obtain the client IP accurately if the user uses a proxy, or if the server is deployed in some special network area, such as behind CloudFlare.

kofj avatar Sep 04 '24 14:09 kofj
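
The accuracy concern raised in the thread (proxies, CDNs) is usually handled by trusting `X-Forwarded-For` only when the request arrives from a known proxy, then taking the rightmost hop that is not itself a trusted proxy. The sketch below is an added example, not code from Harbor or from any commenter; `ClientIP`, `isTrusted`, `newReq` and the `trusted` ranges are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// trusted holds the proxy ranges allowed to set X-Forwarded-For (constructed values).
var trusted = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8"), netip.MustParsePrefix("127.0.0.0/8")}

func isTrusted(a netip.Addr) bool {
	for _, p := range trusted {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

// ClientIP returns the address to write to an audit entry and whether it came from the header.
func ClientIP(r *http.Request) (ip string, fromHeader bool) {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr, false // unparseable peer: record it verbatim
	}
	peer := ap.Addr().Unmap()
	if !isTrusted(peer) {
		return peer.String(), false // direct connection: ignore a client-supplied header
	}
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- { // walk from the hop nearest the server
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // empty or malformed hop: fall back to the proxy address
		}
		if a = a.Unmap(); !isTrusted(a) {
			return a.String(), true // first hop that is not one of our proxies
		}
	}
	return peer.String(), false
}

// newReq builds a constructed request for the demonstration.
func newReq(remote, xff string) *http.Request {
	return &http.Request{RemoteAddr: remote, Header: http.Header{"X-Forwarded-For": {xff}}}
}
func main() {
	fmt.Println(ClientIP(newReq("10.0.0.5:443", "203.0.113.7, 198.51.100.9, 10.0.0.3")))
}
```

Hops to the left of the returned address were supplied by the client side and can be forged, so they are not used. Recording the `fromHeader` flag alongside the IP lets an auditor tell a header-derived address from a socket-level one.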