Discussion:
Auditing in Zenoss Core 4.2.4
thomas
2013-11-15 13:49:18 UTC
Permalink
thomas [http://community.zenoss.org/people/thomas] created the discussion

"Auditing in Zenoss Core 4.2.4"

To view the discussion, visit: http://community.zenoss.org/message/75282#75282

--------------------------------------------------------------
Hey

I was wondering if anybody knows some way (either pretty or hacky) to get some kind of audit-log out of zenoss core 4.2.4?

I was thinking about such operations as:
* Changing production state of device
* Changing template-bindings
* Assign/reassign of groups/systems/locations

I can see that Z2.log contains some of this that might be usefull, unfortunately this logfile does not include the user that has performed the operation.

So this might be OK if we could get Zope (or whatever component is responsible) to log the username instead of just "Anonymous"

I know that auditing is an Enterprise feature, but this is not an option.

Thomas
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/75282#75282]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Alan Milligan
2013-11-21 23:49:55 UTC
Permalink
Alan Milligan [http://community.zenoss.org/people/milligana] created the discussion

"Re: Auditing in Zenoss Core 4.2.4"

To view the discussion, visit: http://community.zenoss.org/message/75314#75314

--------------------------------------------------------------
If you're accessing Zenoss/Zope thru Apache/Squid or the like, ZServer/medusa doesn't get the correct auth headers to determine user name - and just assigns 'Anonymous'.

We have patches to our hardened Zope that fix this.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/75314#75314]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
thomas
2013-11-22 13:20:50 UTC
Permalink
thomas [http://community.zenoss.org/people/thomas] created the discussion

"Re: Auditing in Zenoss Core 4.2.4"

To view the discussion, visit: http://community.zenoss.org/message/75304#75304

--------------------------------------------------------------
I'm not using anything like that, I access the zenoss instance directly on port 8080... my users are in LDAP directory if that does make a differnce.

I have tried the hints here: http://community.zenoss.org/thread/13381?start=15&tstart=0 http://community.zenoss.org/thread/13381?start=15&tstart=0

But this doesn't really help me, I still just get "Anonymous" in the logfile... I have tried debugging in http_server.py and it seems as though I don't have the correct auth-cookie.

I tried to dump alle cookies (via pprint in http_server.py) and there are no __ginger_snap or alike that I can parse.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/75304#75304]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Alan Milligan
2013-11-22 22:49:40 UTC
Permalink
Alan Milligan [http://community.zenoss.org/people/milligana] created the discussion

"Re: Auditing in Zenoss Core 4.2.4"

To view the discussion, visit: http://community.zenoss.org/message/75315#75315

--------------------------------------------------------------
You *are* using cookies and not sessions right ...
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/75315#75315]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
thomas
2013-11-23 08:55:56 UTC
Permalink
thomas [http://community.zenoss.org/people/thomas] created the discussion

"Re: Auditing in Zenoss Core 4.2.4"

To view the discussion, visit: http://community.zenoss.org/message/75316#75316

--------------------------------------------------------------
No I don't think so... from what I can debug, it is actually using session auth, but how do I switch to cookiebased authentication?

Or does someone have a patch so that the http_server logs based on sessions? I have, what seems to be, a session ID (ZopeID) but I havent found a way to translate this information into a username.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/75316#75316]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Alan Milligan
2013-11-24 05:43:21 UTC
Permalink
Alan Milligan [http://community.zenoss.org/people/milligana] created the discussion

"Re: Auditing in Zenoss Core 4.2.4"

To view the discussion, visit: http://community.zenoss.org/message/75317#75317

--------------------------------------------------------------
In Advanced > Settings, at the bottom there's a radio button for cookie or session-based authentication.  Make sure it's cookie and you'll then at least get as far as __ginger_snap being set ...
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/75317#75317]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
thomas
2013-11-25 08:24:09 UTC
Permalink
thomas [http://community.zenoss.org/people/thomas] created the discussion

"Re: Auditing in Zenoss Core 4.2.4"

To view the discussion, visit: http://community.zenoss.org/message/75308#75308

--------------------------------------------------------------
Thanks for the pointer Alan, now i'm getting my username printed in the Z2.log.. I now just need to see how I can write something useful in the logfile.
--------------------------------------------------------------

Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/75308#75308]

Start a new discussion in zenoss-users at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
Loading...