Sensitive action logging - Enterprise Feature
Published 01 May 2025
Private Preview
Redgate Monitor for Linux is currently in Private Preview. Please contact us if you are interested in participating.
Sensitive Action Logging is an Enterprise feature that helps administrators detect suspicious user activity and investigate suspected security breaches or malicious behavior in the Redgate Monitor application itself.
What events and information are logged?
When a Redgate Monitor user makes changes to high-risk configurations (e.g. changes to user privileges, suspending monitoring of a server or group, pausing alerting etc.), Redgate Monitor will log pertinent information, including:
- Time
- Version of Redgate Monitor
- User
- Action
- IP address
- Permissions
- Parameters used
Passwords, keys and other private or secret information
Redgate Monitor redacts passwords, keys and other private or sensitive data in the sensitive action log output.
Usernames are not redacted as these are needed for forensic auditing purposes.
Example log entry for suspending monitoring of a server:
"timestamp":"2025-04-01T00:17:56.8873294Z","version":"14.0.50.11584","user":exampleuser@example.com,"path":"/api/basemonitors/exampleServerName/monitoredservers/suspend","controller":"ManageMonitoredEntitiesApi","action":"SuspendEntity","httpMethod":"POST","statusCode":200,"params":{"request":{"Ids":[{"base":"exampleBaseMonitorID","Name":"exampleServerName"}],"MakeSuspended":true}}
Format and action names
The exact format of the log (e.g. action names, parameter names) will be subject to change across versions of Redgate Monitor.
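Because the format can change between versions, a script that reads this log should report lines it cannot interpret instead of skipping them. The following is an added example, not Redgate code: it flags suspend actions using only the field names shown in the example entry above, and it assumes one entry per line, that entries may or may not have outer braces and a quoted user value, and that "MakeSuspended":false means monitoring was resumed. The sample lines are constructed.

```python
import json
import re

# Constructed sample lines (not real log data). Line 1 has the shape of the
# page's example entry: no outer braces and an unquoted "user" value.
SAMPLE_LINES = [
    '"timestamp":"2025-04-01T00:17:56.8873294Z","user":exampleuser@example.com,'
    '"action":"SuspendEntity","statusCode":200,"params":{"request":{"Ids":'
    '[{"base":"exampleBaseMonitorID","Name":"exampleServerName"}],"MakeSuspended":true}}',
    '{"user":"otheruser@example.com","action":"SuspendEntity","statusCode":200,'
    '"params":{"request":{"Ids":[{"Name":"exampleServerName"}],"MakeSuspended":false}}}',
    'line cut short or written in a format this parser does not know',
]

BARE_USER = re.compile(r'"user":(?!")([^,}]+)')


def parse_entry(line):
    """Return one log line as a dict, or None if it cannot be parsed."""
    text = line.strip()
    if not text.startswith("{"):
        text = "{" + text + "}"  # the page's sample has no outer braces
    text = BARE_USER.sub(lambda m: '"user":' + json.dumps(m.group(1)), text, count=1)
    try:
        entry = json.loads(text)
    except json.JSONDecodeError:
        return None
    return entry if isinstance(entry, dict) else None


def triage(lines):
    """Return (suspend events, numbers of lines that could not be interpreted)."""
    suspends, unparsed = [], []
    for number, line in enumerate(lines, 1):
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None or "action" not in entry:
            unparsed.append(number)  # report it: a silent skip is a detection gap
            continue
        params = entry.get("params")
        request = params.get("request") if isinstance(params, dict) else None
        # Assumption: MakeSuspended true means suspend, false means resume.
        if (entry["action"] == "SuspendEntity" and isinstance(request, dict)
                and request.get("MakeSuspended") is True):
            names = [i.get("Name") for i in request.get("Ids") or [] if isinstance(i, dict)]
            suspends.append((entry.get("timestamp"), entry.get("user"), names, entry.get("statusCode")))
    return suspends, unparsed
```

A non-empty second return value after an upgrade means the parsing rules need to be checked against the new version's output.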
Disabling the sensitive action logging
This feature is enabled by default for enterprise license holders. To disable it, add the following to the appsettings.json file on the machine that hosts the website:
Example appsettings.json content to disable sensitive action logging
{ "FeatureFlags": { "SensitiveActionLog": false } }
Accessing sensitive action log files
Like other Redgate Monitor log files, Sensitive Action Log files are stored by default in C:\ProgramData\Red Gate\Logs\Redgate Monitor on Windows, in /var/log/redgate/redgatemonitor on Linux, or in the REDGATEMONITOR_LogFilesDirectoryPath path if specified.
You can configure sensitive action log files to be saved to a different location by setting the environment variable REDGATEMONITOR_SensitiveActionLogFilesDirectoryPath to a path of your choosing.
Log file retention
As of version 14.0.58 of Redgate Monitor, these files will be retained for up to 30 days.