User log Monitoring

Comments (7)

1. 

   Hussain Mohammed reporter

   • changed status to open

   • 2022-10-31T09:15:38+00:00
2. 

   Tildeslash repo owner

   Issue #1051 was marked as a duplicate of this issue.

   • 2022-10-31T19:58:56+00:00
3. 

   Tildeslash repo owner

   • marked as minor
   • marked as enhancement

   • 2022-10-31T19:59:37+00:00
4. 

   Tildeslash repo owner

   Hello,

   ‌

   you can uncomment the <AccessLogger> element in the conf/server.xml file and restart M/Monit to get log of all M/Monit requests.

   Best regards

   • 2022-10-31T20:01:42+00:00
5. 

   Hussain Mohammed reporter

   Dears,

   Already <AccessLogger> element in the conf/server.xml file is uncommented as below:

   AccessLogger directory="logs" fileName="localhost_access.log" rotate="month" />
   

   However, as the explanation in the ticket description, user action logs is not recorded. For example, if “user1” stop “service1”. This action is not recorded in the logs. Thus, we will not be able to perform auditing for the unauthorized actions that were taken by i.e. user1. Thus, MMonit not providing user log monitoring! Please advice.

   • 2022-11-01T06:01:11+00:00
6. 

   Tildeslash repo owner

   The user action is logged to the logs/<hostname>_access.log as a POST request to /admin/hosts/action, for example:

   127.0.0.1 - admin [01/Nov/2022:19:29:41 +0100] "POST /admin/hosts/action HTTP/1.1" 200 31 "http://127.0.0.1:8080/status/hosts/detail?id=7587" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
   

   The first field is the client’s IP address, followed by M/Monit username, the referral shows the related host id.

   We’ll improve the auditing of user actions in some future release.

   • 2022-11-01T18:36:54+00:00
7. 

   Hussain Mohammed reporter

   Dears,

   Thanks for your kind efforts. It would be highly appreciated.

   ‌

   • 2022-11-02T05:30:45+00:00
8. Log in to comment