Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1155817 - [RFE] Improve auditing and externalize audit logs
Summary: [RFE] Improve auditing and externalize audit logs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Audit Log
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: 6.4.0
Assignee: Marek Hulan
QA Contact: Roman Plevka
URL: http://projects.theforeman.org/issues...
Whiteboard:
: 980152 1269261 1403137 1539084 (view as bug list)
Depends On:
Blocks: 260381 GSS_Sat6Beta_Tracker, GSS_Sat6_Tracker 1317008
TreeView+ depends on / blocked
 
Reported: 2014-10-22 22:39 UTC by Maxim Burgerhout
Modified: 2022-03-13 13:55 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-16 15:25:56 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 6752 0 Normal Closed Audit Log File 2021-02-02 09:25:46 UTC
Red Hat Bugzilla 980152 0 high CLOSED [RFE] Add audit trail for all actions performed via UI and CLI 2022-03-13 13:52:09 UTC
Red Hat Bugzilla 1609158 0 low CLOSED KBASE article: How to integrate Satellite 6.4 logs and ElasticSearch 2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Solution) 2122161 0 None None None 2018-01-18 19:47:59 UTC
Red Hat Knowledge Base (Solution) 3545571 0 None None None 2019-01-14 09:42:30 UTC
Red Hat Product Errata RHSA-2018:2927 0 None None None 2018-10-16 15:27:08 UTC

Internal Links: 980152

Comment 1 RHEL Program Management 2014-10-22 22:42:51 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 4 Dominic Cleal 2014-10-23 12:19:59 UTC 
Connecting redmine issue http://projects.theforeman.org/issues/6752 from this bug
Comment 5 Bryan Kearney 2014-10-30 15:49:49 UTC 
It may be possible to use foreman_hooks in the short term in order to do _something_ when audit records are created. Foreman_hooks is delivered with Satellite 6. The doco is missing, but you can read about it upstream at https://github.com/theforeman/foreman_hooks
Comment 7 Bryan Kearney 2015-08-25 18:32:18 UTC 
Upstream bug component is Audit Log
Comment 8 Ashfaqur Rahaman 2015-12-23 06:52:30 UTC 
Hi,

I have a case where customer is requesting some additional feature in audit logs as below : 

The additional audit functionality requested is:
- Auditing of all USER actions performed via the Web, hammer and API interfaces
- Internal automated processes should be excluded from these audits
- Ideally logs should be produced in XML format, although syslog-compatible format would also be acceptable.

The User Audit logs need to include:
- Event Timestamp
- The activity that generated the entry
- The item that has been changed due to the activity, with details of the change
- The username of the user that initiated the activity
- The status of the event, either success or failure

Some example events that would trigger these new audit logs would be:
- User login and logout from (including session timeout) the web interface
- Account creation, modification, locking or deletion
- Account role/attribute assignment/de-assignment
- Modification of data (changes to hosts, host groups, locations, content views, activation keys etc)
- Deletion of data

Will it be possible to incorporate in Satellite 6.2 ?

Thanks
Comment 10 Ashfaqur Rahaman 2016-01-04 02:41:45 UTC 
Hello,

More requirements on the audit logs :

Customer requires more detailed activity details in the audit log which will describe what the user has actually modified. 

For example: Currently Satellite 6 reports in the UI that "User X modified view Y at Date/time".  It doesn't say What the user actually modified inside the content view, but we require this detail for audit logging.

Would it be possible to include this request in this RFE ? 

This is very important for the customer. 

Thank you
Comment 12 Bryan Kearney 2016-02-17 21:30:57 UTC 
Thank you for the additional detail.
Comment 14 Bryan Kearney 2016-07-08 20:24:39 UTC 
Per 6.3 planning, moving out non acked bugs to the backlog
Comment 29 Bryan Kearney 2018-01-18 19:43:19 UTC 
*** Bug 1403137 has been marked as a duplicate of this bug. ***
Comment 30 Bryan Kearney 2018-01-18 19:45:53 UTC 
*** Bug 1269261 has been marked as a duplicate of this bug. ***
Comment 31 Bryan Kearney 2018-01-18 19:48:00 UTC 
*** Bug 980152 has been marked as a duplicate of this bug. ***
Comment 32 Brad Buckingham 2018-01-30 11:21:08 UTC 
*** Bug 1539084 has been marked as a duplicate of this bug. ***
Comment 33 Satellite Program 2018-04-03 12:21:45 UTC 
Upstream bug assigned to mhulan
Comment 34 Satellite Program 2018-04-03 12:21:54 UTC 
Upstream bug assigned to mhulan
Comment 35 Satellite Program 2018-04-04 10:21:41 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/6752 has been resolved.
Comment 40 Roman Plevka 2018-09-20 14:47:27 UTC 
putting this to verified since all the bugs related to the feature have been resolved
Comment 42 errata-xmlrpc 2018-10-16 15:25:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927
Note You need to log in before you can comment on or make changes to this bug.