acl-log.3valkey - Man Page
Lists recent security events generated due to ACL rules.
Synopsis
ACL LOG [count | RESET]
Description
The command shows a list of recent ACL security events:
- Failures to authenticate their connections with AUTH or HELLO.
- Commands denied because they are against the current ACL rules.
- Commands denied because they access keys not allowed in the current ACL rules.
The optional argument specifies how many entries to show. By default up to ten failures are returned. The special RESET argument clears the log. Entries are displayed starting from the most recent.
Reply
When called to show security events:
- valkey-protocol(7) Array reply: an array of valkey-protocol(7) Bulk string reply elements representing ACL security events.
When called with RESET:
- valkey-protocol(7) Simple string reply: OK if the security log was cleared.
Complexity
O(N) with N being the number of entries shown.
ACL Categories
@admin @dangerous @slow
History
- Available since: 6.0.0
- Changed in 7.2.0: Added entry ID, timestamp created, and timestamp last updated.
Examples
    127.0.0.1:6379> AUTH someuser wrongpassword
    (error) WRONGPASS invalid username-password pair
    > ACL LOG 1
    1)  1) "count"
        2) (integer) 1
        3) "reason"
        4) "auth"
        5) "context"
        6) "toplevel"
        7) "object"
        8) "AUTH"
        9) "username"
       10) "someuser"
       11) "age-seconds"
       12) "8.038"
       13) "client-info"
       14) "id=3 addr=127.0.0.1:57275 laddr=127.0.0.1:6379 fd=8 name= age=16 idle=0 flags=N db=0 sub=0 psub=0 ssub=0 multi=-1 qbuf=48 qbuf-free=16842 argv-mem=25 multi-mem=0 rbs=1024 rbp=0 obl=0 oll=0 omem=0 tot-mem=18737 events=r cmd=auth user=default redir=-1 resp=2"
       15) "entry-id"
       16) (integer) 0
       17) "timestamp-created"
       18) (integer) 1675361492408
       19) "timestamp-last-updated"
       20) (integer) 1675361492408
Each log entry is composed of the following fields:
- count: The number of security events detected within a 60 second period that are represented by this entry.
- reason: The reason that the security events were logged. Either command, key, channel, or auth.
- context: The context that the security events were detected in. Either toplevel, multi, lua, or module.
- object: The resource that the user had insufficient permissions to access. auth when the reason is auth.
- username: The username that executed the command that caused the security events or the username that had a failed authentication attempt.
- age-seconds: Age of the log entry in seconds.
- client-info: Displays the client info of a client which caused one of the security events.
- entry-id: The sequence number of the entry (starting at 0) since the server process started. Can also be used to check if items were “lost”, if they fell between periods.
- timestamp-created: A UNIX timestamp in milliseconds at the time the entry was first created.
- timestamp-last-updated: A UNIX timestamp in milliseconds at the time the entry was last updated.
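The following is an added example, not part of the original man page or the Valkey project: a monitoring job that polls ACL LOG could turn the flat field/value entries into dictionaries, total authentication failures per username and client address, and use entry-id to spot entries that were dropped between polls. It assumes the reply arrives as nested flat arrays, as in the session above; the helper names, the sample reply and the 192.0.2.x addresses are constructed for illustration.

```python
from collections import Counter

def parse_entry(flat):
    """Turn one ACL LOG entry (flat field/value array) into a dict."""
    entry = dict(zip(flat[0::2], flat[1::2]))
    # client-info is a space-separated run of key=value pairs.
    pairs = (kv.split("=", 1) for kv in entry.get("client-info", "").split())
    entry["client"] = {p[0]: p[1] for p in pairs if len(p) == 2}
    return entry

def auth_failures(entries):
    """Sum count per (username, client IP) over entries whose reason is auth."""
    totals = Counter()
    for e in entries:
        if e["reason"] == "auth":
            ip = e["client"].get("addr", "?").rsplit(":", 1)[0]
            totals[(e["username"], ip)] += e["count"]
    return totals

def missing_entry_ids(entries, last_seen_id):
    """entry-id values (7.2.0+) skipped since the previous poll."""
    seen = {e["entry-id"] for e in entries if "entry-id" in e}
    if not seen:
        return []
    return [i for i in range(last_seen_id + 1, max(seen)) if i not in seen]

def _entry(eid, count, reason, obj, user, addr):
    # Constructed sample data, not captured from a real server.
    return ["count", count, "reason", reason, "context", "toplevel",
            "object", obj, "username", user,
            "client-info", f"id=3 addr={addr} name= user=default",
            "entry-id", eid]

SAMPLE_REPLY = [  # newest first, as ACL LOG returns it
    _entry(7, 3, "auth", "AUTH", "someuser", "192.0.2.10:57275"),
    _entry(6, 1, "command", "get", "app", "192.0.2.20:40112"),
    _entry(3, 2, "auth", "AUTH", "someuser", "192.0.2.10:57001"),
]

if __name__ == "__main__":
    entries = [parse_entry(f) for f in SAMPLE_REPLY]
    print(dict(auth_failures(entries)))
    print(missing_entry_ids(entries, last_seen_id=2))
```

A gap reported by missing_entry_ids means events were logged and then pushed out of the log before the job read them, so the poll interval or the count argument is too small for the event rate.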
See Also
acl(3valkey), acl-cat(3valkey), acl-deluser(3valkey), acl-dryrun(3valkey), acl-genpass(3valkey), acl-getuser(3valkey), acl-help(3valkey), acl-list(3valkey), acl-load(3valkey), acl-save(3valkey), acl-setuser(3valkey), acl-users(3valkey), acl-whoami(3valkey), bgrewriteaof(3valkey), bgsave(3valkey), command(3valkey), command-count(3valkey), command-docs(3valkey), command-getkeys(3valkey), command-getkeysandflags(3valkey), command-help(3valkey), command-info(3valkey), command-list(3valkey), config(3valkey), config-get(3valkey), config-help(3valkey), config-resetstat(3valkey), config-rewrite(3valkey), config-set(3valkey), dbsize(3valkey), debug(3valkey), failover(3valkey), flushall(3valkey), flushdb(3valkey), info(3valkey), lastsave(3valkey), latency(3valkey), latency-doctor(3valkey), latency-graph(3valkey), latency-help(3valkey), latency-histogram(3valkey), latency-history(3valkey), latency-latest(3valkey), latency-reset(3valkey), lolwut(3valkey), memory(3valkey), memory-doctor(3valkey), memory-help(3valkey), memory-malloc-stats(3valkey), memory-purge(3valkey), memory-stats(3valkey), memory-usage(3valkey), module(3valkey), module-help(3valkey), module-list(3valkey), module-load(3valkey), module-loadex(3valkey), module-unload(3valkey), monitor(3valkey), psync(3valkey), replconf(3valkey), replicaof(3valkey), restore-asking(3valkey), role(3valkey), save(3valkey), shutdown(3valkey), slowlog(3valkey), slowlog-get(3valkey), slowlog-help(3valkey), slowlog-len(3valkey), slowlog-reset(3valkey), swapdb(3valkey), sync(3valkey), time(3valkey)