1619391 – ovirt-aaa-jdbc-tool detailed logging for users

Bug 1619391 - ovirt-aaa-jdbc-tool detailed logging for users

Summary: ovirt-aaa-jdbc-tool detailed logging for users

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-extension-aaa-jdbc
Sub Component:
Version:	4.2.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	ovirt-4.3.2
Target Release:	4.3.0
Assignee:	Martin Perina
QA Contact:	Petr Matyáš
Docs Contact:	Rolfe Dlugy-Hegwer
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-08-20 17:24 UTC by schandle
Modified:	2019-05-08 12:35 UTC (History)
CC List:	8 users (show)
Fixed In Version:	ovirt-engine-extension-aaa-jdbc-1.1.9-1
Doc Type:	Enhancement
Doc Text:	In the current release, invoking the ovirt-aaa-jdbc-tool logs the following three events to the syslog server: the user who invokes the ovirt-aaa-jdbc-tool; the parameters passed to ovirt-aaa-jdbc-tool except filter passwords; and whether invoking ovirt-aaa-jdbc-tool was successful.
Clone Of:
Environment:
Last Closed:	2019-05-08 12:35:29 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:1071	None	None	None	2019-05-08 12:35:31 UTC
oVirt gerrit	98147	master	MERGED	core: Log tool execution to syslog	2019-03-01 15:45:57 UTC
oVirt gerrit	98205	ovirt-engine-extension-aaa-jdbc-1.1	MERGED	core: Log tool execution to syslog	2019-03-04 10:43:44 UTC

Description schandle 2018-08-20 17:24:42 UTC

Description of problem:
When using the ovirt-aaa-jdbc-tool, there is only stdout/stderr for logging of users being added or modified.  For security auditing, this information is not gathered in logs for archival referencing of who created the internal user or even when the user was created. 

Version-Release number of selected component (if applicable):
RHV 4.2
ovirt-engine-extension-aaa-jdbc-1.1.7-1.el7ev

How reproducible:
100%

Steps to Reproduce:
1. ovirt-aaa-jdbc-tool --log-level=ALL
2. ovirt-aaa-jdbc-tool user add test2 --attribute=firstName=John --attribute=lastName=Doe
3.

Actual results:
We see the stdout, however this information is not being logged

Expected results:
Have an archival referance of the user that was created or modified for internal users whether it is in the engine log or in the database. 

Additional info:
I see Bug 1255416, there is not issue with a stdout/stderr.  Looking for a way to parse this information for auditing users.

Comment 5 Petr Matyáš 2019-03-07 09:36:37 UTC

Verified on ovirt-engine-extension-aaa-jdbc-1.1.9-1.el7ev.noarch

Comment 8 errata-xmlrpc 2019-05-08 12:35:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1071

Note You need to log in before you can comment on or make changes to this bug.