Nagios User Activity

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
rajasegar
Posts: 1018
Joined: Sun Mar 30, 2014 10:49 pm

Nagios User Activity

Post by rajasegar »

Nagios XI 2014R1.2 Ent Edition

Can you please advise where I can see the full user activity?
Activity like running reports etc is not shown in the audit log?

Thanks
5 x Nagios 5.6.9 Enterprise Edition
RHEL 6 & 7
rrdcached & ramdisk optimisation
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Nagios User Activity

Post by scottwilkerson »

You are correct, the audit log will only log logins and changes to the system.

The only way to see user activity (like what page they viewed) would be to analyze the httpd access_log at

/var/log/httpd/access_log
Former Nagios employee
rajasegar
Posts: 1018
Joined: Sun Mar 30, 2014 10:49 pm

Re: Nagios User Activity

Post by rajasegar »

scottwilkerson wrote:You are correct, the audit log will only log logins and changes to the system.

The only way to see user activity (like what page they viewed) would be to analyze the httpd access_log at

/var/log/httpd/access_log

Most of the user IDs are blank in the logs, any idea why?

10.17.19.229 - - [07/Aug/2014:07:04:34 +0800] "POST /nagiosxi//backend/ HTTP/1.1" 200 1527462 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
::1 - - [07/Aug/2014:07:04:42 +0800] "POST /nagiosxi/backend/ HTTP/1.1" 200 815 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
10.17.19.229 - - [07/Aug/2014:07:04:35 +0800] "POST /nagiosxi//backend/ HTTP/1.1" 200 24717947 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
10.17.19.229 - - [07/Aug/2014:07:04:44 +0800] "POST /nagiosxi//backend/ HTTP/1.1" 200 1591 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
10.17.38.4 - - [07/Aug/2014:07:04:48 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 - "http://10.17.19.235/nagiosxi/index.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
10.17.38.4 - - [07/Aug/2014:07:04:48 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_tray_alert_html%22%2C%22args%22%3A%22%22%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 - "http://10.17.19.235/nagiosxi/index.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
10.17.38.4 - - [07/Aug/2014:07:04:51 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_summary_html%22%2C%22args%22%3A%7B%22nsp%22%3A%22d47db648d7d52bc5fc15fdc60e636892%22%2C%22iframe_width%22%3A%22603%22%2C%22iframe_height%22%3A%2291%22%7D%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 1755 "http://10.17.19.235/nagiosxi//includes/page-home-main.php?&=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
10.17.38.4 - - [07/Aug/2014:07:04:51 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_service_status_summary_html%22%2C%22args%22%3A%7B%22nsp%22%3A%22d47db648d7d52bc5fc15fdc60e636892%22%2C%22iframe_width%22%3A%22369%22%2C%22iframe_height%22%3A%2283%22%7D%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 2074 "http://10.17.19.235/nagiosxi//includes/page-home-main.php?&=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
abrist
Red Shirt
Posts: 8334
Joined: Thu Nov 15, 2012 1:20 pm

Re: Nagios User Activity

Post by abrist »

httpd will log requests (among other things). From Apache's POV, all connections are through a socket to an IP, not a user (as that is usually handled closer to the web-app layer).
Thus, you will see ports and IPs in the log, not web users.
Former Nagios employee
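
Added example (not part of the thread and not Nagios code): a parser for Apache's combined log format, the layout of the lines posted above, that groups requests per client address and reports the third field (`%u`), which Apache fills in only when it authenticates the request itself. The sample lines are constructed; the user `alice`, the path `/nagiosxi/reports/example.php` and the `nsp` value are hypothetical.

```python
import json
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # Apache writes embedded quotes as \"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED +
                     r' (\d{3}) (\S+) ' + QUOTED + ' ' + QUOTED + r'$')

# Constructed sample lines modelled on the thread; "alice" and example.php are hypothetical.
SAMPLE = [
    r'192.0.2.10 - - [07/Aug/2014:07:04:34 +0800] "POST /nagiosxi//backend/ HTTP/1.1" 200 1527 "-" "BinGet/1.00.A"',
    r'192.0.2.20 - - [07/Aug/2014:07:04:48 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_tray_alert_html%22%2C%22args%22%3A%22%22%7D&nsp=CONSTRUCTED HTTP/1.1" 200 - "http://192.0.2.1/nagiosxi/index.php" "Mozilla/4.0 (compatible; MSIE 7.0)"',
    r'192.0.2.30 - alice [07/Aug/2014:07:05:00 +0800] "GET /nagiosxi/reports/example.php HTTP/1.1" 200 2074 "-" "Example \"quoted\" agent"',
]

def parse_line(line):
    """Return the fields of one line, or None if it is not combined format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host, _ident, user, when, request, status, _size, _referer, agent = m.groups()
    parts = request.split(" ")
    return {"host": host, "user": None if user == "-" else user, "time": when,
            "target": parts[1] if len(parts) == 3 else request,
            "status": int(status), "agent": agent}

def describe(target):
    """Collapse repeated slashes; for AJAX calls append 'func' from the JSON opts."""
    url = urlsplit(target)
    path = re.sub(r"/{2,}", "/", url.path)
    try:
        func = json.loads(parse_qs(url.query)["opts"][0]).get("func")
    except (KeyError, ValueError, AttributeError):
        func = None
    return f"{path} [{func}]" if func else path

def summarize(lines):
    """Count actions per (client address, user authenticated by Apache)."""
    activity = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:
            activity[(rec["host"], rec["user"])][describe(rec["target"])] += 1
    return activity

if __name__ == "__main__":
    for (host, user), actions in summarize(SAMPLE).items():
        print(host, user or "(no %u)", dict(actions))
```

Requests that log in through the web application's own session leave `%u` as `-`, so the grouping key for them is the client address alone.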