[dev.icinga.com #12976] Audit Log

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/12976

Created by twidhalm on 2016-10-25 07:48:24 +00:00

Assignee: tgelf
Status: Resolved (closed on 2016-11-02 17:45:04 +00:00)
Target Version: 1.2.0
Last Update: 2016-11-02 17:45:04 +00:00 (in Redmine)

---

Hi,

A customer of mine needs, in addition to the audit log in the database, an external audit log via syslog or as a plaintext file. While the database is great for searching, an external log in a seperate file or in syslog could be handled more safely when it comes to prohibit manipulation. This log should contain more or less the same information as the audit log in the database. e.g. who changed when which object - if possible with a hint, what was changed.

Cheers,
Thomas

Changesets

2016-11-02 17:40:43 +00:00 by tgelf 468a271

DirectorActivityLog: optionally log to file/syslog

fixes #12976

[icinga-migration]

Updated by twidhalm on 2016-10-25 08:03:12 +00:00

Maybe the easiest way to implement this would be to talk to the local syslog system to have the log formatted in a standardised way. While using a more sophisiticated log format like GELF (seems to be very appropriate ;-) ) would have benefits when parsing the log, using syslog would make it easier to connect to WORM, audit or SIEM systems.

Both, syslog and a more sophisticated log format, would be nice but since development resources are not infinite, please be sure to make syslog the higher priority.

[icinga-migration]

Updated by tgelf on 2016-10-25 11:50:11 +00:00

• Target Version set to 1.2.0

[icinga-migration]

Updated by tgelf on 2016-11-02 17:38:16 +00:00

• Status changed from New to Assigned
• Assigned to set to tgelf

[icinga-migration]

Updated by tgelf on 2016-11-02 17:45:04 +00:00

• Status changed from Assigned to Resolved
• Done % changed from 0 to 100

Applied in changeset 468a271.