Session timeouts do not appear in the audit log

Icinga / icingaweb2

A lightweight and extensible web interface to keep an eye on your environment. Analyse problems and act on them.

https://icinga.com/get-started/

GNU General Public License v2.0

798 stars 276 forks source link

Session timeouts do not appear in the audit log #3769

Open mtdeguzis opened 5 years ago

mtdeguzis commented 5 years ago

I am not sure if this is possible, but playing InfoSec devils advocate that asks for the audit log, I see a lot o log in's, but nothing else. There has to be some mechanism in Icinga to track for this.

nilmerg commented 5 years ago

Hi,

this is indeed not so easy. At the moment even impossible as our sessions are stored by PHP and we have no way to identify a session's owner.

Though, once we have our own session storage (#3162) this may be possible, albeit not very soon.