<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 5.12.2013 18:34, Itamar Heim
wrote:<br>
</div>
<blockquote cite="mid:52A0B91D.20505@redhat.com" type="cite">On
12/05/2013 06:13 PM, Jakub Bittner wrote:
<br>
<blockquote type="cite">On 5.12.2013 17:00, Sander Grendelman
wrote:
<br>
<blockquote type="cite">https://&lt;your engine host&gt;/api/events
<br>
</blockquote>
Great, I did not know about this page, it is a better (formatted)
source
<br>
than logs, but it still has the same issue. I can get info about
what
<br>
happened, but not exact info about what was done.
<br>
</blockquote>
<br>
just btw, this is the "events" log from the webadmin.
<br>
it covers actions done by users, not content of the edit operation
(something piotr started looking into).
<br>
<br>
with the move of the gui to work over the rest api, maybe just
auditing the api payload for these actions would be good enough?
<br>
<br>
<br>
<blockquote type="cite">
<br>
&lt;event href="/api/events/5341" id="5341"&gt;
<br>
&lt;description&gt;Interface nic1 (VirtIO) was updated for VM
<br>
server1.test.org. (User: user1)&lt;/description&gt;
<br>
&lt;code&gt;934&lt;/code&gt;
<br>
&lt;severity&gt;normal&lt;/severity&gt;
<br>
&lt;time&gt;2013-12-05T16:35:46.263+01:00&lt;/time&gt;
<br>
&lt;correlation_id&gt;7e60ae1&lt;/correlation_id&gt;
<br>
&lt;user href="/api/users/6d8fd48a-1072-11e3-b3ea-001a4ag8039d"
<br>
id="6d8fd48a-1072-11e3-c3ea-001a4aa8039d"/&gt;
<br>
&lt;vm href="/api/vms/cc821292-80c0-4b85-a912-0b8a969c22c9"
<br>
id="cc821292-80c0-4b85-a832-0b8a969c22c9"/&gt;
<br>
&lt;cluster
href="/api/clusters/99408929-78cf-4dc7-a532-9d998063fa95"
<br>
id="99408929-82cf-4dc7-a532-9d998063fa95"/&gt;
<br>
&lt;data_center
<br>
href="/api/datacenters/5849b030-626e-47cb-ad90-3ce782d831b3"
<br>
id="5849b030-612e-47cb-ad90-3ce782d831b3"/&gt;
<br>
&lt;origin&gt;oVirt&lt;/origin&gt;
<br>
&lt;custom_id&gt;-1&lt;/custom_id&gt;
<br>
&lt;flood_rate&gt;30&lt;/flood_rate&gt;
<br>
&lt;/event&gt;
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
If I can make a suggestion: we discuss the audit log, and for our SIEM
a format like this would be great:<br>
<br>
user: user1 action: powered off vm: VM1.test.com host: ovirt.test.com<br>
<br>
user: user1 action: logged in<br>
<br>
user: user1 action: initiated console session VM: VM5.test.com<br>
<br>
user: user1 action: changed network interface detail: secure_vlan to
insecure_vlan on vnic1 vm: testserver.test.com<br>
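<br>
Added example (not part of the original messages and not oVirt project code): Python that flattens /api/events XML, such as the event quoted above, into one key="value" line per event for SIEM ingestion. The &lt;events&gt; wrapper, the second sample event, the output field names and the "(User: ...)" suffix rule are assumptions taken from the single event shown in the thread; values are quoted and escaped, rather than written in the bare "key: value" layout, so that text containing spaces, quotes or newlines cannot be read as extra fields or extra log lines.<br>

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the event quoted in the thread plus one made-up event,
# wrapped in an <events> root (assumed collection element).
SAMPLE = '''<events>
<event id="5341">
<description>Interface nic1 (VirtIO) was updated for VM server1.test.org. (User: user1)</description>
<code>934</code><severity>normal</severity>
<time>2013-12-05T16:35:46.263+01:00</time><correlation_id>7e60ae1</correlation_id>
<vm id="cc821292-80c0-4b85-a832-0b8a969c22c9"/>
</event>
<event id="5342">
<description>VM "db 1"
was started.</description>
<time>2013-12-05T16:40:00.000+01:00</time>
</event>
</events>'''

# Assumption: the acting user appears as a trailing "(User: name)" in the description.
USER_SUFFIX = re.compile(r"\s*\(User: ([^)]+)\)\s*$")

def split_description(description):
    """Return (action_text, user); user is None when there is no user suffix."""
    match = USER_SUFFIX.search(description)
    if not match:
        return description.strip(), None
    return description[:match.start()].strip(), match.group(1)

def field(key, value):
    """Render key="value", escaping characters that could forge fields or lines."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    text = text.replace("\r", "\\r").replace("\n", "\\n")
    return '%s="%s"' % (key, text)

def event_to_line(event):
    action, user = split_description(event.findtext("description", default=""))
    pairs = [("time", event.findtext("time", default="-")),
             ("event_id", event.get("id", "-")),
             ("code", event.findtext("code", default="-")),
             ("user", user or "-"),
             ("action", action)]
    vm = event.find("vm")
    if vm is not None:
        pairs.append(("vm_id", vm.get("id", "-")))
    pairs.append(("correlation_id", event.findtext("correlation_id", default="-")))
    return " ".join(field(k, v) for k, v in pairs)

def convert(xml_text):
    return [event_to_line(e) for e in ET.fromstring(xml_text).iter("event")]
```

The output still carries only what the event description states, so the changed values themselves (for example which network a vNIC moved from and to) are absent unless the engine records them.<br>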
</body>
</html>