[JIRA] (JENKINS-61919) Audit trail plugin shows anonymous user logged out

17 views
Skip to first unread message

ankurja@gmail.com (JIRA)

unread,
Apr 15, 2020, 1:17:02 PM4/15/20
to jenkinsc...@googlegroups.com
Ankur created an issue
 
Jenkins / Bug JENKINS-61919
Audit trail plugin shows anonymous user logged out
Issue Type: Bug Bug
Assignee: Pierre Beitz
Components: audit-trail-plugin
Created: 2020-04-15 17:16
Environment: Jenkins 2.222.1 LTS
Audit trail plugin - 3.3
Priority: Minor Minor
Reporter: Ankur

I have audit trail plugin configured in Jenkins installation. I noticed that since last few days the audit log entries shows entries for "anonymous" user logging out.

This is strange because anonymous access is disabled already, Jenkins is connected to Active Directory. Second, there are no entries for "anonymous" user logging-in. It just shows a log out entry.

Any clues as to what is happening ?
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo

pibeitz@gmail.com (JIRA)

unread,
Apr 18, 2020, 8:16:03 AM4/18/20
to jenkinsc...@googlegroups.com
Pierre Beitz commented on Bug JENKINS-61919
 
Re: Audit trail plugin shows anonymous user logged out

Ankur Could you please share:

  • a sample of the entry you see
  • the pattern you use

ankurja@gmail.com (JIRA)

unread,
Apr 20, 2020, 12:58:02 PM4/20/20
to jenkinsc...@googlegroups.com
Ankur updated an issue
 
Change By: Ankur
Attachment: Splunk Anonymous entry.png

ankurja@gmail.com (JIRA)

unread,
Apr 20, 2020, 12:58:03 PM4/20/20
to jenkinsc...@googlegroups.com
Ankur commented on Bug JENKINS-61919
 
Re: Audit trail plugin shows anonymous user logged out

I am forwarding all logs to Splunk. Here is how it shows up there:

pibeitz@gmail.com (JIRA)

unread,
May 2, 2020, 12:09:02 PM5/2/20
to jenkinsc...@googlegroups.com

Ankur are you sure those logs are coming from the audit trail plugin? I would expect the plugin to log an url (path), I don't think "logged out" is an output coming from the audit trail plugin.

 

  • Do you have evidence showing that those are logs coming from the Audit Trail plugin? 
  • Splunk is not natively supported by the plugin, could you please check the logs generated by the Audit Trail plugin and look for "logged out"? Maybe there is a transformation at Splunk level?

 

Other hypothesis I have is that you are in fact looking at logs generated by Jenkins itself, namely this one: https://github.com/jenkinsci/jenkins/blob/fdb6faed00ef73c98e2f69c133d8c9a87a0ca9b0/core/src/main/java/jenkins/security/SecurityListener.java#L143

ankurja@gmail.com (JIRA)

unread,
May 3, 2020, 11:02:03 AM5/3/20
to jenkinsc...@googlegroups.com
Ankur commented on Bug JENKINS-61919

I also did further investigation into this and it does not look like the messages are originating from Audit Trail plugin. Splunk was putting the messages under "Audit Trail" section, which led me to believe earlier that audit trail plugin is sending that data. But that's not the case.

I will have to do further investigation on the source of those messages, and will also look at the link you shared.

Can you close this issue or should I be doing it ?

pibeitz@gmail.com (JIRA)

unread,
May 3, 2020, 11:38:03 AM5/3/20
to jenkinsc...@googlegroups.com

Ankur thanks for the feedback. Closing.

pibeitz@gmail.com (JIRA)

unread,
May 3, 2020, 11:38:03 AM5/3/20
to jenkinsc...@googlegroups.com
Pierre Beitz closed an issue as Not A Defect
 
Change By: Pierre Beitz
Status: Open Closed
Resolution: Not A Defect
Reply all
Reply to author
Forward
0 new messages