Logs

Overview

Mamori logs available for viewing via the web console, queryable via MSQL and the API.

  • MFA Requests
  • Connection
  • Query Session
  • TCP Connection
  • HTTP Request
  • Session Policy
  • Permission
  • Secret Access
  • Policies Request
  • WireGuard
SQL String literals are masked in the Query session log. To view SQL in the clear an user requires the VIEW CLEAR SQL LOG permission.

Mamori logs available for viewing on the OS

  • Mamori service log
  • Mamori proxy logs
  • Nginx

Connection

The connection log logs all connections via mamori by user

  • Api (Web portal sessions)
  • Mobile App
  • Web App (HTTP/S proxy)
  • Remote Desktop (RDP session)
  • SSH (SSH or SFTP session)
  • WireGuard (ZTNA sessions)
  • DB Proxy (Database access via native tools)

View Authentication Events

To see the authentication events for a connection

Find the connection and click on Authentication Events row menu item

View Recordings

To see the session recording for SQL, SSH or RDP

Click on the desired connection type or filter by user

Find the connection and click on View Session Details row menu item

Query Log

The SQL log for a session contains the breakdown of all execute queries by user

  • original sql
  • number of rows returned to the client
  • statement type (SELECT, INSERT, UPDATE, DELETE, CREATE etc)
  • referenced tables
  • reference columns
  • if access or privacy permission were applied
To see policy processing steps for a query, then select view query steps for a query.
Edit this page on GitHub Updated at Mon, May 15, 2023