Redgate Monitor 14

Sensitive action logging - Enterprise Feature

Private Preview

Redgate Monitor for Linux is currently in Private Preview. Please contact us if you are interested in participating.

Sensitive Action Logging is an Enterprise feature that helps administrators detect suspicious user activity actions and investigate suspected security breaches or malicious behavior in the Redgate Monitor application itself. 

What events and information are logged

When a Redgate Monitor user makes changes to high-risk configurations (e.g. changes to user privileges, suspending monitoring of a server or group, pausing alerting etc.), Redgate Monitor will log pertinent information, including: 

  • Time 
  • Version of Redgate Monitor 
  • User 
  • Action 
  • IP address 
  • Permissions 
  • Parameters used

Passwords, keys and other private or secret information

Redgate Monitor redacts passwords, keys and other private or sensitive data in the sensitive action log output. 

Usernames are not redacted as these are needed for forensic auditing purposes. 


Example log entry for suspending monitoring of a server:

"timestamp":"2025-04-01T00:17:56.8873294Z","version":"14.0.50.11584","user":exampleuser@example.com,"path":"/api/basemonitors/exampleServerName/monitoredservers/suspend","controller":"ManageMonitoredEntitiesApi","action":"SuspendEntity","httpMethod":"POST","statusCode":200,"params":{"request":{"Ids":[{"base":"exampleBaseMonitorID","Name":"exampleServerName"}],"MakeSuspended":true}} 

Format and action names

The exact format of the log (e.g. action names, parameter names) will be subject to change across versions of Redgate Monitor. 

Disabling the sensitive action logging 

This feature is enabled by default for enterprise license holders. This can be disabled by adding the following to the appsettings.json file for the machine that hosts the website:  

Example appsettings.json content to enable sensitive action logging

{ 
    "FeatureFlags": { 
       "SensitiveActionLog": false
    } 
} 

Accessing sensitive action log files 

Like other Redgate Monitor log files, Sensitive Action Log files are stored by default in C:\ProgramData\Red Gate\Logs\Redgate Monitor on Windows /var/log/redgate/redgatemonitor on Linux, or the REDGATEMONITOR_LogFilesDirectoryPath path if specified.  

You can configure sensitive action log files to be saved to a different location by setting the environment variable REDGATEMONITOR_SensitiveActionLogFilesDirectoryPath to a path of your choosing. 

Log file retention

As of version 14.0.58 of Redgate Monitor, these files will be retained for up to 30 days.





Didn't find what you were looking for?