Bug 1155817 - [RFE] Improve auditing and externalize audit logs
Summary: [RFE] Improve auditing and externalize audit logs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Audit Log
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
high
high vote
Target Milestone: 6.4.0
Assignee: Marek Hulan
QA Contact: Roman Plevka
URL: http://projects.theforeman.org/issues...
Whiteboard:
: 980152 1269261 1403137 1539084 (view as bug list)
Depends On:
Blocks: 1317008 260381 GSS_Sat6Beta_Tracker, GSS_Sat6_Tracker
TreeView+ depends on / blocked
 
Reported: 2014-10-22 22:39 UTC by Maxim Burgerhout
Modified: 2019-11-05 22:59 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-16 15:25:56 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2927 None None None 2018-10-16 15:27:08 UTC
Foreman Issue Tracker 6752 None None None 2016-04-26 17:07:04 UTC
Red Hat Bugzilla 980152 None CLOSED [RFE] Add audit trail for all actions performed via UI and CLI 2019-11-05 22:55:22 UTC
Red Hat Bugzilla 1609158 None CLOSED KBASE article: How to integrate Satellite 6.4 logs and ElasticSearch 2019-11-05 22:55:19 UTC
Red Hat Knowledge Base (Solution) 2122161 None None None 2018-01-18 19:47:59 UTC
Red Hat Knowledge Base (Solution) 3545571 None None None 2019-01-14 09:42:30 UTC

Internal Links: 980152

Comment 1 RHEL Product and Program Management 2014-10-22 22:42:51 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 4 Dominic Cleal 2014-10-23 12:19:59 UTC
Connecting redmine issue http://projects.theforeman.org/issues/6752 from this bug

Comment 5 Bryan Kearney 2014-10-30 15:49:49 UTC
It may be possible to use foreman_hooks in the short term in order to do _something_ when audit records are created. Foreman_hooks is delivered with Satellite 6. The doco is missing, but you can read about it upstream at https://github.com/theforeman/foreman_hooks

Comment 7 Bryan Kearney 2015-08-25 18:32:18 UTC
Upstream bug component is Audit Log

Comment 8 Ashfaqur Rahaman 2015-12-23 06:52:30 UTC
Hi,

I have a case where customer is requesting some additional feature in audit logs as below : 

The additional audit functionality requested is:
- Auditing of all USER actions performed via the Web, hammer and API interfaces
- Internal automated processes should be excluded from these audits
- Ideally logs should be produced in XML format, although syslog-compatible format would also be acceptable.

The User Audit logs need to include:
- Event Timestamp
- The activity that generated the entry
- The item that has been changed due to the activity, with details of the change
- The username of the user that initiated the activity
- The status of the event, either success or failure

Some example events that would trigger these new audit logs would be:
- User login and logout from (including session timeout) the web interface
- Account creation, modification, locking or deletion
- Account role/attribute assignment/de-assignment
- Modification of data (changes to hosts, host groups, locations, content views, activation keys etc)
- Deletion of data

Will it be possible to incorporate in Satellite 6.2 ?

Thanks

Comment 10 Ashfaqur Rahaman 2016-01-04 02:41:45 UTC
Hello,

More requirements on the audit logs :

Customer requires more detailed activity details in the audit log which will describe what the user has actually modified. 

For example: Currently Satellite 6 reports in the UI that "User X modified view Y at Date/time".  It doesn't say What the user actually modified inside the content view, but we require this detail for audit logging.

Would it be possible to include this request in this RFE ? 

This is very important for the customer. 

Thank you

Comment 12 Bryan Kearney 2016-02-17 21:30:57 UTC
Thank you for the additional detail.

Comment 14 Bryan Kearney 2016-07-08 20:24:39 UTC
Per 6.3 planning, moving out non acked bugs to the backlog

Comment 29 Bryan Kearney 2018-01-18 19:43:19 UTC
*** Bug 1403137 has been marked as a duplicate of this bug. ***

Comment 30 Bryan Kearney 2018-01-18 19:45:53 UTC
*** Bug 1269261 has been marked as a duplicate of this bug. ***

Comment 31 Bryan Kearney 2018-01-18 19:48:00 UTC
*** Bug 980152 has been marked as a duplicate of this bug. ***

Comment 32 Brad Buckingham 2018-01-30 11:21:08 UTC
*** Bug 1539084 has been marked as a duplicate of this bug. ***

Comment 33 pm-sat@redhat.com 2018-04-03 12:21:45 UTC
Upstream bug assigned to mhulan@redhat.com

Comment 34 pm-sat@redhat.com 2018-04-03 12:21:54 UTC
Upstream bug assigned to mhulan@redhat.com

Comment 35 pm-sat@redhat.com 2018-04-04 10:21:41 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/6752 has been resolved.

Comment 40 Roman Plevka 2018-09-20 14:47:27 UTC
putting this to verified since all the bugs related to the feature have been resolved

Comment 42 errata-xmlrpc 2018-10-16 15:25:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927


Note You need to log in before you can comment on or make changes to this bug.