Bug 1155817

Summary: [RFE] Improve auditing and externalize audit logs
Product: Red Hat Satellite Reporter: Maxim Burgerhout <mburgerh>
Component: Audit LogAssignee: Marek Hulan <mhulan>
Status: CLOSED ERRATA QA Contact: Roman Plevka <rplevka>
Severity: high Docs Contact:
Priority: high    
Version: 6.0.4CC: andrew.schofield, arahaman, asanders, bkearney, chenders, cpatters, creynold, dconsoli, egolov, fgarciad, ggatward, jko, jswensso, ktordeur, omaciel, pdwyer, pghadge, rjerrido, rplevka, satellite6-bugs, sauchter, sreber
Target Milestone: 6.4.0Keywords: FutureFeature, PrioBumpGSS, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/6752
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-16 15:25:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 260381, 1115190, 1317008    

Comment 1 RHEL Program Management 2014-10-22 22:42:51 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 4 Dominic Cleal 2014-10-23 12:19:59 UTC 
Connecting redmine issue http://projects.theforeman.org/issues/6752 from this bug
Comment 5 Bryan Kearney 2014-10-30 15:49:49 UTC 
It may be possible to use foreman_hooks in the short term in order to do _something_ when audit records are created. Foreman_hooks is delivered with Satellite 6. The doco is missing, but you can read about it upstream at https://github.com/theforeman/foreman_hooks
Comment 7 Bryan Kearney 2015-08-25 18:32:18 UTC 
Upstream bug component is Audit Log
Comment 8 Ashfaqur Rahaman 2015-12-23 06:52:30 UTC 
Hi,

I have a case where customer is requesting some additional feature in audit logs as below : 

The additional audit functionality requested is:
- Auditing of all USER actions performed via the Web, hammer and API interfaces
- Internal automated processes should be excluded from these audits
- Ideally logs should be produced in XML format, although syslog-compatible format would also be acceptable.

The User Audit logs need to include:
- Event Timestamp
- The activity that generated the entry
- The item that has been changed due to the activity, with details of the change
- The username of the user that initiated the activity
- The status of the event, either success or failure

Some example events that would trigger these new audit logs would be:
- User login and logout from (including session timeout) the web interface
- Account creation, modification, locking or deletion
- Account role/attribute assignment/de-assignment
- Modification of data (changes to hosts, host groups, locations, content views, activation keys etc)
- Deletion of data

Will it be possible to incorporate in Satellite 6.2 ?

Thanks
Comment 10 Ashfaqur Rahaman 2016-01-04 02:41:45 UTC 
Hello,

More requirements on the audit logs :

Customer requires more detailed activity details in the audit log which will describe what the user has actually modified. 

For example: Currently Satellite 6 reports in the UI that "User X modified view Y at Date/time".  It doesn't say What the user actually modified inside the content view, but we require this detail for audit logging.

Would it be possible to include this request in this RFE ? 

This is very important for the customer. 

Thank you
Comment 12 Bryan Kearney 2016-02-17 21:30:57 UTC 
Thank you for the additional detail.
Comment 14 Bryan Kearney 2016-07-08 20:24:39 UTC 
Per 6.3 planning, moving out non acked bugs to the backlog
Comment 29 Bryan Kearney 2018-01-18 19:43:19 UTC 
*** Bug 1403137 has been marked as a duplicate of this bug. ***
Comment 30 Bryan Kearney 2018-01-18 19:45:53 UTC 
*** Bug 1269261 has been marked as a duplicate of this bug. ***
Comment 31 Bryan Kearney 2018-01-18 19:48:00 UTC 
*** Bug 980152 has been marked as a duplicate of this bug. ***
Comment 32 Brad Buckingham 2018-01-30 11:21:08 UTC 
*** Bug 1539084 has been marked as a duplicate of this bug. ***
Comment 33 Satellite Program 2018-04-03 12:21:45 UTC 
Upstream bug assigned to mhulan
Comment 34 Satellite Program 2018-04-03 12:21:54 UTC 
Upstream bug assigned to mhulan
Comment 35 Satellite Program 2018-04-04 10:21:41 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/6752 has been resolved.
Comment 40 Roman Plevka 2018-09-20 14:47:27 UTC 
putting this to verified since all the bugs related to the feature have been resolved
Comment 42 errata-xmlrpc 2018-10-16 15:25:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927