search access control
Hi Team,
Can we restrict search log access to a particular time frame?
Use case:
Today I will set the log level to DEBUG for investigation purposes from 7PM to 9PM. Tomorrow, if I try to access the logs between 7PM and 9PM, then I shouldn't get the logs, as these logs contain sensitive information.
Simply, I don't want my users to access logs from 7PM to 9PM.
And also, can we restrict log access based on log level? Say, if the logs contain the DEBUG keyword, then don't show them in search results.
Let me know if you need more details on this.
Thanks,
Nagaraju Kshathriya
Official comment
Hi Nagaraju,
For this use case, you should use a Search Filter for the Role assigned to all users who should not see this sensitive data.
For example, if your log line looks like this:
2020-09-08 01:35:38:924 DEBUG ip=10.0.10.220 system=DeveloperSystems build=9588 message="a change has been made on the host"
You can create a Search Filter for Roles of your users like this (replace with your own _sourceCategory):
!(_sourceCategory=prod/system DEBUG)
I suggest testing this by searching for:
_sourceCategory=prod/system DEBUG
and confirming that the data returned is the data you want to hide from users with the Search Filter.
I hope this helps, please let us know if you have additional questions here.
Thank you,
Graham
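The test step suggested in the answer above can be rehearsed offline. This is an added example, not part of the original thread and not the product's own engine: a simplified Python model of the role filter `!(_sourceCategory=prod/system DEBUG)` run over constructed messages. The matching rules (terms ANDed, keyword matched case-insensitively as a whole word) and all sample lines other than the first are assumptions.

```python
import re

# Values taken from the filter in the answer: !(_sourceCategory=prod/system DEBUG)
HIDDEN_CATEGORY = "prod/system"
HIDDEN_KEYWORD = "DEBUG"


def keyword_match(keyword, raw):
    """Assumed keyword semantics: case-insensitive, whole-word match on the raw line."""
    pattern = r"(?<![A-Za-z0-9_])" + re.escape(keyword) + r"(?![A-Za-z0-9_])"
    return re.search(pattern, raw, re.IGNORECASE) is not None


def role_filter_allows(msg):
    """Return True if a user in the restricted role would still see this message."""
    hidden = (msg["_sourceCategory"] == HIDDEN_CATEGORY
              and keyword_match(HIDDEN_KEYWORD, msg["raw"]))
    return not hidden


def visible_to_role(messages):
    """IDs of the messages that remain searchable for the restricted role."""
    return [m["id"] for m in messages if role_filter_allows(m)]


# Constructed sample messages; the first raw line is the one quoted in the answer.
SAMPLE = [
    {"id": "debug-prod", "_sourceCategory": "prod/system",
     "raw": '2020-09-08 01:35:38:924 DEBUG ip=10.0.10.220 system=DeveloperSystems '
            'build=9588 message="a change has been made on the host"'},
    {"id": "info-prod", "_sourceCategory": "prod/system",
     "raw": '2020-09-08 01:36:02:110 INFO ip=10.0.10.220 message="service started"'},
    # Over-blocking case: an INFO line that merely mentions the keyword is hidden too.
    {"id": "info-mentions-debug", "_sourceCategory": "prod/system",
     "raw": '2020-09-08 01:37:15:401 INFO ip=10.0.10.220 message="debug mode disabled"'},
    # Under-blocking case: DEBUG output from a category the filter does not name.
    {"id": "debug-other-category", "_sourceCategory": "prod/app",
     "raw": '2020-09-08 01:38:44:007 DEBUG ip=10.0.10.221 message="token refreshed"'},
]

if __name__ == "__main__":
    for msg in SAMPLE:
        state = "visible" if role_filter_allows(msg) else "hidden"
        print(f'{msg["id"]:<22} {state}')
```

The two edge cases are what to look for when reviewing the results of the test search: lines hidden only because they mention the keyword, and DEBUG lines in source categories the filter does not cover.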