Auditlog stopped logging after upgrade to 4.8.X.
How do I debug this?
--Ingeborg
Hi!
I have a feeling this is on us. I will have a look at it and let you know.
-- John Magne Bredal john.m.bredal@uninett.no +4791897366
Abels gt. 5- Teknobyen NO-7465 Trondheim
________________________________________ Fra: nav-users-request@uninett.no nav-users-request@uninett.no på vegne av Ingeborg Hellemo ingeborg.hellemo@uit.no Sendt: 10. januar 2018 14:03 Til: nav-users@uninett.no Emne: Auditlog not logging
Auditlog stopped logging after upgrade to 4.8.X.
How do I debug this?
--Ingeborg
-- Ingeborg Østrem Hellemo -- ingeborg.hellemo@uit.no Dep. of Information Technology --- Univ. of Tromsø
On 10. jan. 2018 14:03, Ingeborg Hellemo wrote:
Auditlog stopped logging after upgrade to 4.8.X.
How do I debug this?
--Ingeborg
I have tested this on our side and it seems like it's working. However there is a very limited set of logentries created at the moment. I am working now to expand the list. This is what is logged as of 4.8.3:
PortAdmin - Change of ifalias - Change of adminstatus - Change of vlan - Change in trunk
And thats it.
What I am about to implement (after last discussion) is: - Changes to device attributes using SeedDB: (read_only, read_write, category, ip, room, organization, snmp_version) - Created device - Deleted device
- Created user - Deleted user - Changes to user
mvh
I also would like:
Change of OS-version on devices (if possible)
Is there any log of when users log on?
Peder
-----Opprinnelig melding----- Fra: nav-users-request@uninett.no [mailto:nav-users-request@uninett.no] På vegne av John Magne Bredal Sendt: 15. januar 2018 15:12 Til: Ingeborg Hellemo ingeborg.hellemo@uit.no; nav-users@uninett.no Emne: Re: Auditlog not logging
On 10. jan. 2018 14:03, Ingeborg Hellemo wrote:
Auditlog stopped logging after upgrade to 4.8.X.
How do I debug this?
--Ingeborg
I have tested this on our side and it seems like it's working. However there is a very limited set of logentries created at the moment. I am working now to expand the list. This is what is logged as of 4.8.3:
PortAdmin
- Change of ifalias
- Change of adminstatus
- Change of vlan
- Change in trunk
And thats it.
What I am about to implement (after last discussion) is:
Changes to device attributes using SeedDB: (read_only, read_write, category, ip, room, organization, snmp_version)
Created device
Deleted device
Created user
Deleted user
Changes to user
mvh
-- John Magne Bredal john.m.bredal@uninett.no +4791897366
Abels gt. 5- Teknobyen NO-7465 Trondheim
On 15. jan. 2018 15:39, Peder Magne Sefland wrote:
I also would like:
Change of OS-version on devices (if possible)
Yes, that is unfortunately a separate issue as auditlog as it is now logs only _user initiated_ changes. OS-version is automatically updated by ipdevpoll. We know that logging of these changes also are of interest, but at the moment auditlog does not do that.
Is there any log of when users log on?
Not at the moment. I will add that.
Peder
-----Opprinnelig melding----- Fra: nav-users-request@uninett.no [mailto:nav-users-request@uninett.no] På vegne av John Magne Bredal Sendt: 15. januar 2018 15:12 Til: Ingeborg Hellemo ingeborg.hellemo@uit.no; nav-users@uninett.no Emne: Re: Auditlog not logging
On 10. jan. 2018 14:03, Ingeborg Hellemo wrote:
Auditlog stopped logging after upgrade to 4.8.X.
How do I debug this?
--Ingeborg
I have tested this on our side and it seems like it's working. However there is a very limited set of logentries created at the moment. I am working now to expand the list. This is what is logged as of 4.8.3:
PortAdmin
- Change of ifalias
- Change of adminstatus
- Change of vlan
- Change in trunk
And thats it.
What I am about to implement (after last discussion) is:
Changes to device attributes using SeedDB: (read_only, read_write, category, ip, room, organization, snmp_version)
Created device
Deleted device
Created user
Deleted user
Changes to user
mvh
-- John Magne Bredal john.m.bredal@uninett.no +4791897366
Abels gt. 5- Teknobyen NO-7465 Trondheim
john.m.bredal@uninett.no said:
I have tested this on our side and it seems like it's working.
Strange. I checked our database, and the data is indeed there:
nav=> select timestamp,verb from auditlog_logentry; ... 2018-01-15 08:42:23.238702+01 | change status to up | change status to up 2018-01-15 10:58:58.29393+01 | set-vlan | bjo053: lh007-sw.infra:Gi1/0/23 - vlan set to "510" 2018-01-15 10:59:27.38976+01 | set-vlan | bjo053: lh007-sw.infra:Gi1/0/20 - vlan set to "510"
But the webinterface refuses to show me anything newer than 2017-09-27T12:39:16.623
Ideas?
--Ingeborg
We're seeing the same thing at the University of Oslo.
The gui is only displaying the first 100 entries.
best regards Andreas Dobloug USIT/UiO
-----Original Message----- From: nav-users-request@uninett.no [mailto:nav-users-request@uninett.no] On Behalf Of Ingeborg Hellemo Sent: Tuesday, January 16, 2018 9:19 AM To: John Magne Bredal Cc: nav-users@uninett.no Subject: Re: Auditlog not logging
john.m.bredal@uninett.no said:
I have tested this on our side and it seems like it's working.
Strange. I checked our database, and the data is indeed there:
nav=> select timestamp,verb from auditlog_logentry; ... 2018-01-15 08:42:23.238702+01 | change status to up | change status to up 2018-01-15 10:58:58.29393+01 | set-vlan | bjo053: lh007-sw.infra:Gi1/0/23 - vlan set to "510" 2018-01-15 10:59:27.38976+01 | set-vlan | bjo053: lh007-sw.infra:Gi1/0/20 - vlan set to "510"
But the webinterface refuses to show me anything newer than 2017-09-27T12:39:16.623
Ideas?
--Ingeborg
Ingeborg Østrem Hellemo -- ingeborg.hellemo@uit.no Dep. of Information Technology --- Univ. of Tromsø
andreas.dobloug@usit.uio.no said:
We're seeing the same thing at the University of Oslo. The gui is only displaying the first 100 entries.
Yes! Well spotted. That explains the random cutoff timestamp.
--Ingeborg
I've created a new issue in the github repo: #1655
best regards Andreas Dobloug nett-drift/USIT
-----Original Message----- From: Ingeborg Hellemo [mailto:ingeborg.hellemo@uit.no] Sent: Tuesday, January 16, 2018 9:56 AM To: Andreas Dobloug Cc: nav-users@uninett.no Subject: Re: Auditlog not logging
andreas.dobloug@usit.uio.no said:
We're seeing the same thing at the University of Oslo. The gui is only displaying the first 100 entries.
Yes! Well spotted. That explains the random cutoff timestamp.
--Ingeborg
Ingeborg Østrem Hellemo -- ingeborg.hellemo@uit.no Dep. of Information Technology --- Univ. of Tromsø
Looks like there's already a pull request on this bug (#1654). I'm closing the issue.
Best regards Andreas Dobloug
-----Original Message----- From: nav-users-request@uninett.no [mailto:nav-users-request@uninett.no] On Behalf Of Andreas Dobloug Sent: Wednesday, January 17, 2018 2:15 PM To: nav-users@uninett.no Subject: RE: Auditlog not logging
I've created a new issue in the github repo: #1655
best regards Andreas Dobloug nett-drift/USIT
-----Original Message----- From: Ingeborg Hellemo [mailto:ingeborg.hellemo@uit.no] Sent: Tuesday, January 16, 2018 9:56 AM To: Andreas Dobloug Cc: nav-users@uninett.no Subject: Re: Auditlog not logging
andreas.dobloug@usit.uio.no said:
We're seeing the same thing at the University of Oslo. The gui is only displaying the first 100 entries.
Yes! Well spotted. That explains the random cutoff timestamp.
--Ingeborg
Ingeborg Østrem Hellemo -- ingeborg.hellemo@uit.no Dep. of Information Technology --- Univ. of Tromsø
On 17. jan. 2018 14:20, Andreas Dobloug wrote:
Looks like there's already a pull request on this bug (#1654). I'm closing the issue.
Best regards Andreas Dobloug
Yes, I have been working on this lately. It should now have a more consistent behaviour. It is considered a bugfix and will be a part of 4.8.4.
You can see my comments at https://github.com/UNINETT/nav/pull/1654
-----Original Message----- From: nav-users-request@uninett.no [mailto:nav-users-request@uninett.no] On Behalf Of Andreas Dobloug Sent: Wednesday, January 17, 2018 2:15 PM To: nav-users@uninett.no Subject: RE: Auditlog not logging
I've created a new issue in the github repo: #1655
best regards Andreas Dobloug nett-drift/USIT
-----Original Message----- From: Ingeborg Hellemo [mailto:ingeborg.hellemo@uit.no] Sent: Tuesday, January 16, 2018 9:56 AM To: Andreas Dobloug Cc: nav-users@uninett.no Subject: Re: Auditlog not logging
andreas.dobloug@usit.uio.no said:
We're seeing the same thing at the University of Oslo. The gui is only displaying the first 100 entries.
Yes! Well spotted. That explains the random cutoff timestamp.
--Ingeborg
Ingeborg Østrem Hellemo -- ingeborg.hellemo@uit.no Dep. of Information Technology --- Univ. of Tromsø
-
Andreas Dobloug -
Ingeborg Hellemo -
John Magne Bredal -
Peder Magne Sefland