6:51 p.m.
This is a multi-part message in MIME format.
--------------000306080908080906080609
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 7bit
Hello,
I am curious how to audit user actions in oVirt web interface. From
engine.log we are able to extract when user logged in, when he updated
vnicProfile and so, but we can not get exact changes (behavior).
Right now I can get logs like:
2013-12-05 16:35:46,270 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-6) Correlation ID: 7e60ae1, Call Stack: null,
Custom Event ID: -1, Message: Interface nic1 (VirtIO) was updated for VM
test.test.org. (User: user1)
But it would be nice to get logs like:
2013-12-05 16:35:46,270 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-6) Correlation ID: 7e60ae1, Call Stack: null,
Custom Event ID: -1, Message: Interface nic1 (VirtIO) was updated for VM
test.test.org *from secure_vlan to unsecure_vlan*. (User: user1)
My point is to have a feature which can give us possibility to construct
exact user behavior and action in managing oVirt. It could be useful not
even in hunting bugs, but primary in security problem hunting.
Thank you.
Jakub Bittner
--------------000306080908080906080609
Content-Type: text/html; charset=ISO-8859-2
Content-Transfer-Encoding: 8bit
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-2">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
I am curious how to audit user actions in oVirt web interface. From
engine.log we are able to extract when user logged in, when he
updated vnicProfile and so, but we can not get exact changes
(behavior).<br>
<br>
Right now I can get logs like:<br>
<br>
2013-12-05 16:35:46,270 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-6) Correlation ID: 7e60ae1, Call Stack: null,
Custom Event ID: -1, Message: Interface nic1 (VirtIO) was updated
for VM test.test.org. (User: user1)
<br>
<br>
But it would be nice to get logs like:<br>
<br>
2013-12-05 16:35:46,270 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector]
(ajp--127.0.0.1-8702-6) Correlation ID: 7e60ae1, Call Stack: null,
Custom Event ID: -1, Message: Interface nic1 (VirtIO) was updated
for VM test.test.org <b>from secure_vlan to unsecure_vlan</b>.
(User: user1)
<br>
<br>
My point is to have a feature which can give us possibility to
construct exact user behavior and action in managing oVirt. It could
be useful not even in hunting bugs, but primary in security problem
hunting.<br>
<br>
Thank you.<br>
<br>
Jakub Bittner<br>
</body>
</html>
--------------000306080908080906080609--