10.2.2. Security events logging

This section describes Neo4j support for security events logging.

Neo4j provides security event logging that records all security events.

For native user management, the following actions are recorded: Log configuration

The name of the log file is security.log and it resides in the logs directory (see Section 4.2, “File locations”).

Rotation of the security events log can be configured in the neo4j.conf configuration file. The following parameters are available:

Parameter name Default value Description



Sets the file size at which the security event log will auto-rotate.



Sets the minimum time interval after the last log rotation occurred, before the log may be rotated again.



Sets number of historical log files kept.

If using LDAP as the authentication method, some cases of LDAP misconfiguration will also be logged, as well as LDAP server communication events and failures.

If many programmatic interactions are expected, for example using REST, it is advised to disable the logging of successful logins. Logging of successful logins is disabled by setting the dbms.security.log_successful_authentication parameter in the neo4j.conf file:


Below is an example of the security log:

2016-10-27 13:45:00.796+0000 INFO  [AsyncLog @ 2016-10-27 ...]  [johnsmith]: logged in
2016-10-27 13:47:53.443+0000 ERROR [AsyncLog @ 2016-10-27 ...]  [johndoe]: failed to log in: invalid principal or credentials
2016-10-27 13:48:28.566+0000 INFO  [AsyncLog @ 2016-10-27 ...]  [johnsmith]: created user `janedoe`
2016-10-27 13:48:32.753+0000 ERROR [AsyncLog @ 2016-10-27 ...]  [johnsmith]: tried to create user `janedoe`: The specified user ...
2016-10-27 13:49:11.880+0000 INFO  [AsyncLog @ 2016-10-27 ...]  [johnsmith]: added role `admin` to user `janedoe`
2016-10-27 13:49:34.979+0000 INFO  [AsyncLog @ 2016-10-27 ...]  [johnsmith]: deleted user `janedoe`
2016-10-27 13:49:37.053+0000 ERROR [AsyncLog @ 2016-10-27 ...]  [johnsmith]: tried to delete user `janedoe`: User 'janedoe' does ...
2016-10-27 14:00:02.050+0000 INFO  [AsyncLog @ 2016-10-27 ...]  [johnsmith]: created role `operator`