13.2.2. Security events logging

This section describes Neo4j support for security events logging.

Neo4j provides a security event log that records security-relevant actions taken against the database.

For native user management, the following actions are recorded:

- Login attempts, both successful and unsuccessful.
- Administration commands run by users, such as creating or dropping users and roles and granting or revoking roles and privileges (see the example log at the end of this section).

13.2.2.1. Log configuration

The name of the log file is security.log and it resides in the logs directory (see Section 5.2, “File locations”).

Rotation of the security events log can be configured in the neo4j.conf configuration file. The following parameters are available:

Parameter name                           Default value   Description
dbms.logs.security.rotation.size         20M             Sets the file size at which the security event log will auto-rotate.
dbms.logs.security.rotation.delay        300s            Sets the minimum time interval after the last log rotation occurred, before the log may be rotated again.
dbms.logs.security.rotation.keep_number  7               Sets the number of historical log files kept.

If using LDAP as the authentication method, some cases of LDAP misconfiguration will also be logged, as well as LDAP server communication events and failures.

If many programmatic interactions are expected, it is advised to disable the logging of successful logins, since every application connection would otherwise add a line to the log. Note that this also removes the record of who authenticated successfully, so a run of failed logins can no longer be correlated with a subsequent successful one. Logging of successful logins is disabled by setting the dbms.security.log_successful_authentication parameter to false in the neo4j.conf file:

dbms.security.log_successful_authentication=false

Below is an example of the security log:

2019-12-09 13:45:00.796+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: logged in
2019-12-09 13:47:53.443+0000 ERROR [AsyncLog @ 2019-12-09 ...]  [johndoe]: failed to log in: invalid principal or credentials
2019-12-09 13:48:28.566+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: CREATE USER janedoe SET PASSWORD '******' CHANGE REQUIRED
2019-12-09 13:48:32.753+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: CREATE ROLE custom
2019-12-09 13:49:11.880+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: GRANT ROLE custom TO janedoe
2019-12-09 13:49:34.979+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: GRANT TRAVERSE ON GRAPH * NODES A, B (*) TO custom
2019-12-09 13:49:37.053+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: DROP USER janedoe
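The log lines above have a regular shape (timestamp, level, the AsyncLog marker, the acting user in brackets, then the message), which makes them straightforward to feed into detection logic. The following is an added example, not part of the Neo4j documentation or product: a small parser for security.log lines that flags users with a burst of failed logins inside a time window and lists the administration commands that were run. The sample lines are constructed for the example, in the format shown above; the window size and failure threshold are arbitrary assumptions, and the set of command keywords treated as administrative is an assumption based on the commands visible in the example log.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample security.log content (not from a real deployment),
# in the line format shown in the example above.
SAMPLE_LOG = """\
2019-12-09 13:45:00.796+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: logged in
2019-12-09 13:47:53.443+0000 ERROR [AsyncLog @ 2019-12-09 ...]  [johndoe]: failed to log in: invalid principal or credentials
2019-12-09 13:47:58.101+0000 ERROR [AsyncLog @ 2019-12-09 ...]  [johndoe]: failed to log in: invalid principal or credentials
2019-12-09 13:48:02.377+0000 ERROR [AsyncLog @ 2019-12-09 ...]  [johndoe]: failed to log in: invalid principal or credentials
2019-12-09 13:48:28.566+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: CREATE USER janedoe SET PASSWORD '******' CHANGE REQUIRED
2019-12-09 13:48:32.753+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: CREATE ROLE custom
2019-12-09 13:49:11.880+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: GRANT ROLE custom TO janedoe
2019-12-09 13:49:34.979+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: GRANT TRAVERSE ON GRAPH * NODES A, B (*) TO custom
2019-12-09 13:49:37.053+0000 INFO  [AsyncLog @ 2019-12-09 ...]  [johnsmith]: DROP USER janedoe
2019-12-09 14:30:10.004+0000 ERROR [AsyncLog @ 2019-12-09 ...]  [johndoe]: failed to log in: invalid principal or credentials
"""

# One security.log line: timestamp, level, AsyncLog marker, [user], message.
# The AsyncLog bracket is matched loosely so both the full timestamp and the
# "..." abbreviation used in the documentation example are accepted.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4}) "
    r"(?P<level>[A-Z]+)\s+\[AsyncLog @ [^\]]*\]\s+\[(?P<user>[^\]]*)\]: (?P<msg>.*)$"
)

# Assumed set of keywords that start an administration command in this log.
ADMIN_RE = re.compile(r"^(CREATE|DROP|ALTER|RENAME|GRANT|REVOKE|DENY)\b")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S.%f%z")
    return ev


def parse_log(text):
    """Parse all non-empty lines; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = parse_line(line)
            if ev is not None:
                events.append(ev)
    return events


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: peak_failures} for every user who has at least `threshold`
    failed logins inside any sliding time window of length `window`."""
    per_user = defaultdict(list)
    for ev in events:
        if ev["msg"].startswith("failed to log in"):
            per_user[ev["user"]].append(ev["ts"])
    bursts = {}
    for user, times in per_user.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits within `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[user] = peak
    return bursts


def admin_commands(events):
    """Return (user, command) pairs for logged administration commands."""
    return [(ev["user"], ev["msg"]) for ev in events if ADMIN_RE.match(ev["msg"])]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("failed-login bursts:", failed_login_bursts(evs))
    for user, cmd in admin_commands(evs):
        print(f"admin command by {user}: {cmd}")
```

Run against the sample, the burst detector reports johndoe with three failures within a few seconds while the later isolated failure at 14:30 does not trigger it, and the command listing shows every user, role and privilege change together with who issued it. In a real deployment the same parser can be pointed at the rotated files in the logs directory; if dbms.security.log_successful_authentication is set to false, only the failure lines are available to it.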