Jenkinsdevops~5 mins

Security audit logging in Jenkins - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Security audit logging helps track who did what and when in Jenkins. It records important actions to keep your system safe and find problems quickly.

When you want to see who changed a job configuration in Jenkins

When you need to track login attempts to detect unauthorized access

When you want to keep records of plugin installations or removals

When you need to comply with security rules that require activity logs

When troubleshooting security incidents by reviewing user actions

Config File - audit-log.properties

audit-log.properties

audit.enabled=true
audit.logfile=jenkins_audit.log
audit.logformat=JSON

This file enables audit logging in Jenkins.

audit.enabled=true turns on audit logging.

audit.logfile=jenkins_audit.log sets the file where logs are saved.

audit.logformat=JSON saves logs in JSON format for easy reading and processing.

Commands

Starts Jenkins with audit logging enabled, saving logs to the specified file.

Terminal

java -jar jenkins.war --audit-log=jenkins_audit.log

Expected OutputExpected

Running from: /path/to/jenkins.war INFO: Jenkins is fully up and running Audit logging enabled, writing to jenkins_audit.log

→

--audit-log - Specifies the audit log file path

Shows the latest audit log entries live as Jenkins runs, so you can monitor actions in real time.

Terminal

tail -f jenkins_audit.log

Expected OutputExpected

{"timestamp":"2024-06-01T12:00:00Z","user":"admin","action":"Job Created","details":"Created job example-job"} {"timestamp":"2024-06-01T12:05:00Z","user":"user1","action":"Login Success","details":"User logged in successfully"}

→

-f - Follows the file to show new log entries as they appear

Formats the audit log file content in a readable JSON format using jq tool.

Terminal

cat jenkins_audit.log | jq '.'

Expected OutputExpected

[ { "timestamp": "2024-06-01T12:00:00Z", "user": "admin", "action": "Job Created", "details": "Created job example-job" }, { "timestamp": "2024-06-01T12:05:00Z", "user": "user1", "action": "Login Success", "details": "User logged in successfully" } ]

Key Concept

If you remember nothing else from this pattern, remember: audit logging records key user actions to help secure and troubleshoot Jenkins.

Common Mistakes

Not enabling audit logging in Jenkins configuration

Without enabling, no audit logs are created, so you lose visibility into user actions.

Set audit.enabled=true in the audit-log.properties file and restart Jenkins.

Not specifying a log file path for audit logs

Jenkins may not save logs or save them in unexpected places, making them hard to find.

Use the --audit-log flag or set audit.logfile in the properties file to a known location.

Ignoring log file rotation or size management

Audit log files can grow large and fill disk space, causing Jenkins or the server to fail.

Implement log rotation using external tools or Jenkins plugins to manage log size.

Summary

Enable audit logging by setting audit.enabled=true in audit-log.properties.

Start Jenkins with the --audit-log flag to specify the audit log file.

Use commands like tail and jq to monitor and read audit logs in real time.