Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1619391

Summary: ovirt-aaa-jdbc-tool detailed logging for users
Product: Red Hat Enterprise Virtualization Manager Reporter: schandle
Component: ovirt-engine-extension-aaa-jdbcAssignee: Martin Perina <mperina>
Status: CLOSED ERRATA QA Contact: Petr Matyáš <pmatyas>
Severity: medium Docs Contact: Rolfe Dlugy-Hegwer <rdlugyhe>
Priority: unspecified    
Version: 4.2.5CC: lleistne, lsurette, michal.skrivanek, mkalinin, mperina, rdlugyhe, Rhev-m-bugs, sborella
Target Milestone: ovirt-4.3.2   
Target Release: 4.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-extension-aaa-jdbc-1.1.9-1 Doc Type: Enhancement
Doc Text:
In the current release, invoking the ovirt-aaa-jdbc-tool logs the following three events to the syslog server: the user who invokes the ovirt-aaa-jdbc-tool; the parameters passed to ovirt-aaa-jdbc-tool except filter passwords; and whether invoking ovirt-aaa-jdbc-tool was successful.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-08 12:35:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description schandle 2018-08-20 17:24:42 UTC 
Description of problem:
When using the ovirt-aaa-jdbc-tool, there is only stdout/stderr for logging of users being added or modified.  For security auditing, this information is not gathered in logs for archival referencing of who created the internal user or even when the user was created. 

Version-Release number of selected component (if applicable):
RHV 4.2
ovirt-engine-extension-aaa-jdbc-1.1.7-1.el7ev

How reproducible:
100%

Steps to Reproduce:
1. ovirt-aaa-jdbc-tool --log-level=ALL
2. ovirt-aaa-jdbc-tool user add test2 --attribute=firstName=John --attribute=lastName=Doe
3.

Actual results:
We see the stdout, however this information is not being logged

Expected results:
Have an archival referance of the user that was created or modified for internal users whether it is in the engine log or in the database. 

Additional info:
I see Bug 1255416, there is not issue with a stdout/stderr.  Looking for a way to parse this information for auditing users.
Comment 5 Petr Matyáš 2019-03-07 09:36:37 UTC 
Verified on ovirt-engine-extension-aaa-jdbc-1.1.9-1.el7ev.noarch
Comment 8 errata-xmlrpc 2019-05-08 12:35:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1071