Bug 1434762

Summary: [RFE][M-5]Changes in evm.log & audit.log
Product: Red Hat CloudForms Management Engine
Reporter: Sachin <sacpatil>
Component: Appliance
Assignee: Hui Song <hsong>
Status: CLOSED ERRATA
QA Contact: Tasos Papaioannou <tpapaioa>
Severity: high
Docs Contact:
Priority: high
Version: 5.7.0
CC: abellott, cpelland, gblomqui, hsong, jhardy, jocarter, jrafanie, mfeifer, ncarboni, obarenbo, roliveri, sacpatil, simaishi
Target Milestone: MVP
Keywords: FutureFeature, RFE
Target Release: 5.10.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: 5.10.0.2
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-02-07 23:02:25 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core
Target Upstream Version:
Bug Depends On: 1593171, 1601955
Bug Blocks: 1511957, 1555371

Description Sachin 2017-03-22 10:36:04 UTC
Description of problem:

This RFE requests a number of modifications to CloudForms auditing. This will enrich the CloudForms evm.log and audit.log for system administrators and provide additional contextual information.

Create a group
--------------
CloudForms logs the following to evm.log when a group is created, with the literal value 'new_value':

[----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(OpsRbac.rbac_edit_save_or_add) userid: [test-user] - [testGroup1] Record added ( description:[] to [new_value], role:[] to [new_value], group_tenant:[] to [new_value])

Request that the literal 'new_value' is modified to reflect the new group's details.

Create a role
-------------
CloudForms logs the following to evm.log when a role is created, with the literal value 'new_value':
[----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(OpsRbac.rbac_edit_save_or_add) userid: [test-user] - [testRole1] Record added ( name:[] to [new_value])

Request that the literal 'new_value' is modified to reflect the name of the new role.

Delete a policy
---------------
CloudForms logs the following when a policy is deleted from the VMDB:
[----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(CiProcessing.process_element_destroy) userid: [test-user] - [0e9e8c56-ffab-11e6-8359-001a4aa0a7d6] Record deleted

Request that the audit line is amended to include the following:
- Name of the policy

Delete a policy profile
-----------------------
CloudForms logs the following when a policy profile is deleted from the VMDB:
[----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(CiProcessing.process_element_destroy) userid: [test-user] - [0e9e8c56-ffab-11e6-8359-001a4aa0a7d6] Record deleted

Request that the audit line is amended to include the following:
- Name of the policy profile

Remove a VM from the VMDB
-------------------------
Presently CloudForms logs the following when a VM is removed from the VMDB:
[----] I, [2017-03-03T13:26:34.193211 #1404.120d644] INFO -- : MIQ(MiqQueue.put ) Message id: [1000000000001] id: [], Zone: [TestZone], Role: [], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [Vm.invoke_tasks], Timeout: [600], Priority: [100], State: [ready], Deliver on: [], Data: [], Args: [{:ids => [10000000007], :task => "destroy", userid: "test-user"}]

Request an audit message similar to the following is generated, as all data about the VM will be lost:
[----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(VmOps.destroy) userid: [test-user] - [VM-name, VM-id, VM-ems-ref] Record destroyed

Remove an image from the VMDB:
------------------------------
Presently CloudForms logs the following when an image is removed from the VMDB:
[----] I, [2017-03-03T13:26:34.193211 #1404.120d644] INFO -- : MIQ(MiqQueue.put ) Message id: [1000000000001] id: [], Zone: [TestZone], Role: [], Server: [], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [Vm.invoke_tasks], Timeout: [600], Priority: [100], State: [ready], Deliver on: [], Data: [], Args: [{:ids => [10000000007], :task => "destroy", userid: "test-user"}]

Request an audit message similar to the following is generated, as all data about the image will be lost:
[----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(ImageOps.destroy) userid: [test-user] - [image-name, image-id, image-ems-ref] Record destroyed

Include user IP and hostname in audit events
--------------------------------------------
For all CFME audit events, request that the user's IP address is included in addition to the username, e.g.:
[----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(OpsRbac.rbac_edit_save_or_add) userid: [test-user] userip: [10.10.1.4] user-hostname: [test-user.example.com] - [testRole1] Record added ( name:[] to [new_value])



Version-Release number of selected component (if applicable):

5.7.0.17


How reproducible:

NA

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
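
The audit gaps listed in the description can be checked mechanically against existing logs. The following Ruby sketch is an added example, not part of the original report and not ManageIQ code; the gap labels and helper names are hypothetical, and the sample lines are taken or constructed from the log lines quoted above.

```ruby
# Added example: flag the audit gaps this report describes in evm.log/audit.log lines.
# Gap labels (:placeholder_value etc.) are hypothetical names, not CFME terms.
AUDIT_RE = /
  <Audit(?<status>\w+)>\ MIQ\((?<source>[^)]+)\)
  \ userid:\ \[(?<userid>[^\]]*)\]
  (?:\ userip:\ \[(?<userip>[^\]]*)\])?
  (?:\ user-hostname:\ \[(?<host>[^\]]*)\])?
  \ -\ \[(?<target>[^\]]*)\]\ (?<message>.*)\z
/x
GUID_RE = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/
QUEUE_DESTROY_RE = /MIQ\(MiqQueue\.put\s*\).*:task => "destroy"/

# Returns the gaps found in one log line; [] means a complete audit record.
def audit_gaps(line)
  line = line.strip
  # A queued destroy task with no audit marker: the record is lost without an audit trail.
  return [:unaudited_destroy] if !line.include?("<Audit") && line.match?(QUEUE_DESTROY_RE)
  m = AUDIT_RE.match(line)
  return [:not_audit] unless m
  gaps = []
  gaps << :placeholder_value if m[:message].include?("to [new_value]") # literal placeholder logged
  gaps << :guid_only_target if m[:target].match?(GUID_RE)              # no human-readable name
  gaps << :no_source_ip if m[:userip].nil?                             # actor's address missing
  gaps
end

# Lines 1-2 are quoted from the report; line 3 is its MiqQueue.put line, abbreviated;
# line 4 is constructed by combining the requested VmOps.destroy and userip formats.
SAMPLE = <<~'LOG'.lines.map(&:chomp)
  [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(OpsRbac.rbac_edit_save_or_add) userid: [test-user] - [testRole1] Record added ( name:[] to [new_value])
  [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(CiProcessing.process_element_destroy) userid: [test-user] - [0e9e8c56-ffab-11e6-8359-001a4aa0a7d6] Record deleted
  [----] I, [2017-03-03T13:26:34.193211 #1404.120d644] INFO -- : MIQ(MiqQueue.put ) Message id: [1000000000001] Command: [Vm.invoke_tasks], Args: [{:ids => [10000000007], :task => "destroy", userid: "test-user"}]
  [----] I, [2017-03-03T13:26:34.193211] INFO -- : <AuditSuccess> MIQ(VmOps.destroy) userid: [test-user] userip: [10.10.1.4] user-hostname: [test-user.example.com] - [VM-name, VM-id, VM-ems-ref] Record destroyed
LOG

# Maps 1-based line number to the gaps found on that line.
def audit_report(lines)
  lines.each_with_index.map { |l, i| [i + 1, audit_gaps(l)] }.to_h
end

audit_report(SAMPLE).each { |n, gaps| puts "line #{n}: #{gaps.empty? ? 'ok' : gaps.join(', ')}" }
```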

Comment 11 Hui Song 2018-06-11 15:49:21 UTC
After discussing with Joe and Rich, we decided to split this RFE into two. I'll create a new BZ for the last request of adding user IP and hostname to the audit log. We need to decide how and where we will collect this information. It may need a lot of work. The current one will only focus on the other requests.

Comment 12 CFME Bot 2018-06-14 15:51:42 UTC
New commit detected on ManageIQ/manageiq/master:

https://github.com/ManageIQ/manageiq/commit/083ce04639ee7b1def9b5dcee554850b29ddcc93
commit 083ce04639ee7b1def9b5dcee554850b29ddcc93
Author:     hsong-rh <hsong@redhat.com>
AuthorDate: Thu May 31 14:11:44 2018 -0400
Commit:     hsong-rh <hsong@redhat.com>
CommitDate: Thu May 31 14:11:44 2018 -0400

    Fix to show vm/image related info in audit log when deleting vm/image

    https://bugzilla.redhat.com/show_bug.cgi?id=1434762

 app/models/audit_event.rb | 4 +-
 app/models/mixins/process_tasks_mixin.rb | 2 +
 2 files changed, 5 insertions(+), 1 deletion(-)

Comment 13 CFME Bot 2018-06-22 07:48:54 UTC
New commit detected on ManageIQ/manageiq-ui-classic/master:

https://github.com/ManageIQ/manageiq-ui-classic/commit/1ef0b9d74e2779e2e693da8d60d50bf7f2d5731e
commit 1ef0b9d74e2779e2e693da8d60d50bf7f2d5731e
Author:     hsong-rh <hsong@redhat.com>
AuthorDate: Thu May 31 11:52:05 2018 -0400
Commit:     hsong-rh <hsong@redhat.com>
CommitDate: Thu May 31 11:52:05 2018 -0400

    Fix to show meaningful policy name when add/edit/delete it in audit.log

    https://bugzilla.redhat.com/show_bug.cgi?id=1434762

 app/controllers/application_controller/ci_processing.rb | 1 +
 app/controllers/miq_policy_controller.rb | 2 +
 2 files changed, 3 insertions(+)

Comment 14 Tasos Papaioannou 2018-08-02 18:44:15 UTC
Verified on 5.10.0.8.

Comment 16 errata-xmlrpc 2019-02-07 23:02:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:0212