The Audit Log feature, Administration > Audit Log, tracks system configuration and run time changes in an audit trail. This provides the ability to report and correlate failures with configuration changes which can be very useful since a majority of system failures are due to configuration changes.
The audit facility reports on changes made from the Status Summary, Event Console, Cloud Hub, Downtime, and configuration applications.
Specifically, the action portlet in Status logs any commands sent to Nagios to be logged in the audit system and the action menu code in the Event Console (and the Event Portlet in Status) creates an audit entry for each action executed. Additionally, the Cloud Hub inventory synchronization routine creates an audit entry for each addition or deletion of a virtual machine or hypervisor instance as well as any threshold change into the audit system. Monarch configuration creates audit entries for all additions, deletions, and modifications of configuration data, and each commit command generates an audit entry.
The audit system lists the most recent activity first and includes the subsystem used, the host or group, service, action, user who issued the change, and the time of the change.
Filtering audit log activity
The user interface lists activity that can be filtered. Filters include the name of a Sub System (e.g., CloudHub), Host or Group Name (e.g., cadvisor:8098), Service Description, User Name (e.g., guest), and part of an activity Message text (e.g., docker). A Date-Time Range can also be used in filtering specific activity. Clicking a column title sorts the list by ascending or descending order.
Audit log content
The following table describes each of the columns content in the audit log:
|Activity Message||Displays the textual description of the change that has been made.|
|Subsystem||Indicates where the change occurred, the subsystem the audit action is logged for, (e.g., Console, SV (Status Viewer), Monarch, CloudHub).|
|Host or Group||Indicates the name of the host or group associated with the change, the host or group name the audit is logged for.|
|Service||Indicates the name of the service or instance of the change.|
|Action||Lists the audit action logged (e.g., ACTION, ADD, DELETE, MODIFY, ENABLE, DISABLE).|
|User||Displays the name of the user that performed the audited action.|
|Timestamp||Indicates the date and time the audit action was logged.|
Menu Editor (Documentation)
Users, Roles and Permissions (Documentation)
Adding Certificates to HTTPS (Documentation)
Configuration Files (Documentation)
How to create a new user (Knowledge Base)
How to manage menu items (Knowledge Base)
How to configure LDAP (Knowledge Base)
How to create a new role (Knowledge Base)
LDAP Mapping (Documentation)
How to manage system security (Knowledge Base)
NeDi Flowi NetFlow sFlow and packet capture (Documentation)