Logs

Overview

Mamori logs available for viewing via the web console, queryable via MSQL and the API.

  • MFA Requests
  • Connection
  • Alert
  • Query Session
  • TCP Connection
  • HTTP Request
  • Session Policy
  • Permission
  • Secret Access
  • Policies Request
  • WireGuard
SQL String literals are masked in the Query session log. To view SQL in the clear an user requires the VIEW CLEAR SQL LOG permission.

Mamori logs available for viewing on the OS

  • Mamori service log
  • Mamori proxy logs
  • Nginx

Connection

The connection log logs all connections via mamori by user

  • Api (Web portal sessions)
  • Mobile App
  • Web App (HTTP/S proxy)
  • Remote Desktop (RDP session)
  • SSH (SSH or SFTP session)
  • WireGuard (ZTNA sessions)
  • DB Proxy (Database access via native tools)

View Authentication Events

To see the authentication events for a connection

Find the connection and click on Authentication Events row menu item

View Recordings

To see the session recording for SQL, SSH or RDP

Click on the desired connection type or filter by user

Find the connection and click on View Session Details row menu item

Query Log

The SQL log for a session contains the breakdown of all execute queries by user

  • original sql
  • number of rows returned to the client
  • statement type (SELECT, INSERT, UPDATE, DELETE, CREATE etc)
  • referenced tables
  • reference columns
  • if access or privacy permission were applied
To see policy processing steps for a query, then select view query steps for a query.

Alert

Constains all the alerts triggered across all mamori nodes

Grid Columns

ColumnDescription
AlertThe name of the triggered alert
Alert KeyThe primary key value of the alert
Alert FactsThe data contained in the alert
Alert TimeTimestamp of the alert

Row menus

Deliver Details - Displays the delivery details for the alert

Mute - mute the alert with a specified key for a specified amount of time

Edit this page on GitHub Updated at Wed, Mar 13, 2024