Re: [mosquitto-dev] Logging source address of failed actions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [mosquitto-dev] Logging source address of failed actions

From: Roger Light <roger@xxxxxxxxxx>
Date: Wed, 28 Feb 2024 23:50:55 +0000
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev/>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hi Michael,

You're right that the only place the IP address is logged is on the
initial connection, after that it is just the client id that is used
in the logs. If you're happy tweaking the go-auth plugin, you can get
the IP address of a client in the plugin using `const char
*mosquitto_client_address(const struct mosquitto *client)`.

Regards,

Roger

On Mon, 26 Feb 2024 at 18:00, Michael Guyse via mosquitto-dev
<mosquitto-dev@xxxxxxxxxxx> wrote:
>
> I was curious if there is a way to log the source IP in a CONNACK, SUBACK, or the Denied to Publish logs.  I see in the code that if the id is set (which for us it always is) that only the id will be logged and the address isn't.  I would like to have at least the source IP if not also the user/clientID to allow better formatted messages for security messages as I'm using fluent bit to convert the logs to the ECS standard.
>
> I am currently using v2.0.18 as our mosquitto version and the majority of our connections are coming in via a secure websocket to establish the TLS layer.  For our backend ACL we're using the go-auth plugin, however that logging doesn't include the source IP either so I'm at a loss how I can potentially get the source IP and if possible also the user/clientID in the log.
>
> Just for reference here's our current mosquitto.conf and I so far don't see any options to make sure to log the source IP via the mosquitto.conf's man page.
>
>  log_type all
>     log_type websockets
>     websockets_log_level 7
>     log_timestamp_format %Y-%m-%dT%H:%M:%S
>     log_dest file /var/log/mosquitto.log
>
>     connection_messages true
>
>     listener 1883
>
>     listener 1884
>     protocol websockets
>     use_username_as_clientid true
>
>     user mosquitto
>
>     retain_available false
>
>     allow_anonymous false
>     include_dir /etc/mosquitto/conf.d
>
> For more information on how and why we collect your personal information, please visit our Privacy Policy.
>
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mosquitto-dev

References:
- [mosquitto-dev] Logging source address of failed actions
  - From: Michael Guyse

Prev by Date: [mosquitto-dev] Logging source address of failed actions
Next by Date: [mosquitto-dev] Two memory leaks in mosquitto
Previous by thread: [mosquitto-dev] Logging source address of failed actions
Next by thread: [mosquitto-dev] Two memory leaks in mosquitto
Index(es):
- Date
- Thread

Breadcrumbs