Logs
Overview
Mamori logs are available for viewing via the web console and are queryable via MSQL and the API:
- MFA Requests
- Connection
- Alert
- Query Session
- TCP Connection
- HTTP Request
- Session Policy
- Permission
- Secret Access
- Policies Request
- WireGuard
SQL string literals are masked in the Query Session log. To view SQL in the clear, a user requires the VIEW CLEAR SQL LOG permission.
The following Mamori logs are available for viewing on the OS:
- Mamori service log
- Mamori proxy logs
- Nginx
Connection
The connection log records all connections made via Mamori, by user:
- API (Web portal sessions)
- Mobile App
- Web App (HTTP/S proxy)
- Remote Desktop (RDP session)
- SSH (SSH or SFTP session)
- WireGuard (ZTNA sessions)
- DB Proxy (Database access via native tools)
View Authentication Events
To see the authentication events for a connection:
Find the connection and click the Authentication Events row menu item.
View Recordings
To see the session recording for SQL, SSH or RDP:
Click the desired connection type or filter by user.
Find the connection and click the View Session Details row menu item.
Query Log
The SQL log for a session contains a breakdown of all executed queries by user:
- original SQL
- number of rows returned to the client
- statement type (SELECT, INSERT, UPDATE, DELETE, CREATE etc)
- referenced tables
- referenced columns
- whether access or privacy permissions were applied
To see the policy processing steps for a query, select view query steps for that query.
Alert
Contains all the alerts triggered across all Mamori nodes.
Grid Columns
Column | Description |
---|---|
Alert | The name of the triggered alert |
Alert Key | The primary key value of the alert |
Alert Facts | The data contained in the alert |
Alert Time | Timestamp of the alert |
Row menus
Deliver Details - Displays the delivery details for the alert
Mute - Mutes the alert with a specified key for a specified amount of time