Bug 1155817 - [RFE] Improve auditing and externalize audit logs
Summary: [RFE] Improve auditing and externalize audit logs
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Audit Log
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
high vote
Target Milestone: 6.4.0
Assignee: Marek Hulan
QA Contact: Roman Plevka
URL: http://projects.theforeman.org/issues...
: 980152 1269261 1403137 1539084 (view as bug list)
Depends On:
Blocks: 260381 GSS_Sat6Beta_Tracker, GSS_Sat6_Tracker 1317008
TreeView+ depends on / blocked
Reported: 2014-10-22 22:39 UTC by Maxim Burgerhout
Modified: 2022-03-13 13:55 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2018-10-16 15:25:56 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 6752 0 Normal Closed Audit Log File 2021-02-02 09:25:46 UTC
Red Hat Bugzilla 980152 0 high CLOSED [RFE] Add audit trail for all actions performed via UI and CLI 2022-03-13 13:52:09 UTC
Red Hat Bugzilla 1609158 0 low CLOSED KBASE article: How to integrate Satellite 6.4 logs and ElasticSearch 2021-02-22 00:41:40 UTC
Red Hat Knowledge Base (Solution) 2122161 0 None None None 2018-01-18 19:47:59 UTC
Red Hat Knowledge Base (Solution) 3545571 0 None None None 2019-01-14 09:42:30 UTC
Red Hat Product Errata RHSA-2018:2927 0 None None None 2018-10-16 15:27:08 UTC

Internal Links: 980152

Comment 1 RHEL Program Management 2014-10-22 22:42:51 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 4 Dominic Cleal 2014-10-23 12:19:59 UTC
Connecting redmine issue http://projects.theforeman.org/issues/6752 from this bug

Comment 5 Bryan Kearney 2014-10-30 15:49:49 UTC
It may be possible to use foreman_hooks in the short term in order to do _something_ when audit records are created. Foreman_hooks is delivered with Satellite 6. The doco is missing, but you can read about it upstream at https://github.com/theforeman/foreman_hooks

Comment 7 Bryan Kearney 2015-08-25 18:32:18 UTC
Upstream bug component is Audit Log

Comment 8 Ashfaqur Rahaman 2015-12-23 06:52:30 UTC

I have a case where customer is requesting some additional feature in audit logs as below : 

The additional audit functionality requested is:
- Auditing of all USER actions performed via the Web, hammer and API interfaces
- Internal automated processes should be excluded from these audits
- Ideally logs should be produced in XML format, although syslog-compatible format would also be acceptable.

The User Audit logs need to include:
- Event Timestamp
- The activity that generated the entry
- The item that has been changed due to the activity, with details of the change
- The username of the user that initiated the activity
- The status of the event, either success or failure

Some example events that would trigger these new audit logs would be:
- User login and logout from (including session timeout) the web interface
- Account creation, modification, locking or deletion
- Account role/attribute assignment/de-assignment
- Modification of data (changes to hosts, host groups, locations, content views, activation keys etc)
- Deletion of data

Will it be possible to incorporate in Satellite 6.2 ?


Comment 10 Ashfaqur Rahaman 2016-01-04 02:41:45 UTC

More requirements on the audit logs :

Customer requires more detailed activity details in the audit log which will describe what the user has actually modified. 

For example: Currently Satellite 6 reports in the UI that "User X modified view Y at Date/time".  It doesn't say What the user actually modified inside the content view, but we require this detail for audit logging.

Would it be possible to include this request in this RFE ? 

This is very important for the customer. 

Thank you

Comment 12 Bryan Kearney 2016-02-17 21:30:57 UTC
Thank you for the additional detail.

Comment 14 Bryan Kearney 2016-07-08 20:24:39 UTC
Per 6.3 planning, moving out non acked bugs to the backlog

Comment 29 Bryan Kearney 2018-01-18 19:43:19 UTC
*** Bug 1403137 has been marked as a duplicate of this bug. ***

Comment 30 Bryan Kearney 2018-01-18 19:45:53 UTC
*** Bug 1269261 has been marked as a duplicate of this bug. ***

Comment 31 Bryan Kearney 2018-01-18 19:48:00 UTC
*** Bug 980152 has been marked as a duplicate of this bug. ***

Comment 32 Brad Buckingham 2018-01-30 11:21:08 UTC
*** Bug 1539084 has been marked as a duplicate of this bug. ***

Comment 33 Satellite Program 2018-04-03 12:21:45 UTC
Upstream bug assigned to mhulan

Comment 34 Satellite Program 2018-04-03 12:21:54 UTC
Upstream bug assigned to mhulan

Comment 35 Satellite Program 2018-04-04 10:21:41 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/6752 has been resolved.

Comment 40 Roman Plevka 2018-09-20 14:47:27 UTC
putting this to verified since all the bugs related to the feature have been resolved

Comment 42 errata-xmlrpc 2018-10-16 15:25:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.