Audit Log questions

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
SteveBeauchemin
Posts: 524
Joined: Mon Oct 14, 2013 7:19 pm

Audit Log questions

Post by SteveBeauchemin »

Is there a place where I can look up the ID= information found in /usr/local/nagiosxi/var/components/auditlog.log?
For example...

User submitted a command to the subsystem (ID=1100)

What is ID 1100?

I will look in code, or docs, whatever. I just need to know what it means.

My company is moving closer to becoming DFARS compliant and I have been able so far to stay ahead of the requests. Audit logging is an important one.

I would like to ask for something like verbose mode for the audit log if possible - to have more specific information provided. The short-hand data in the file now is barely adequate. I am not completely sure what to ask for. But I need to see more information than I see today.

Above is one example. I have no idea what that user clicked on.

Another example here:
This line is from the audit log:

2017-04-17 05:08:02 - Nagios XI [32] system:localhost - cmdsubsys: User [username] started Nagios Core

What did the user click to make this happen? The people getting Audit data in the future will be asking for better information.

Is there some way to get better or more clear data in the audit log?

Thanks

Steve B
XI 5.7.3 / Core 4.4.6 / NagVis 1.9.8 / LiveStatus 1.5.0p11 / RRDCached 1.7.0 / Redis 3.2.8 /
SNMPTT / Gearman 0.33-7 / Mod_Gearman 3.0.7 / NLS 2.0.8 / NNA 2.3.1 /
NSClient 0.5.0 / NRPE Solaris 3.2.1 Linux 3.2.1 HPUX 3.2.1
bheden
Product Development Manager
Posts: 179
Joined: Thu Feb 13, 2014 9:50 am
Location: Nagios Enterprises

Re: Audit Log questions

Post by bheden »

html/includes/constants.inc.php

grep for "COMMAND_"

This will give you the definitions of the commands being processed.

Or, grep for "AUDITLOG" to give you the numerical data regarding types and sources.

Hope this helps.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Nagios Enterprises
Senior Developer
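
Added example, not part of any post in this thread and not Nagios code: a small script that does the suggested lookup automatically, reading the `COMMAND_` defines from constants.inc.php and appending the constant name to each `(ID=n)` token in the audit log. The sample log lines are constructed from the two fragments quoted in the thread, and every constant with HYPOTHETICAL in its name is made up for the demonstration.

```python
import re
import sys

# PHP lines of the form quoted in this thread: define("COMMAND_...", 1100);
DEFINE_RE = re.compile(r"""^\s*define\(\s*["'](COMMAND_\w+)["']\s*,\s*(\d+)\s*\)""")
ID_RE = re.compile(r"\(ID=(\d+)\)")

# Constructed sample input; only the first define is taken from the thread.
SAMPLE_CONSTANTS = """
define("COMMAND_NAGIOSXI_SET_HTACCESS", 1100);
// define("COMMAND_HYPOTHETICAL_DISABLED", 1100);
define('COMMAND_HYPOTHETICAL_EXAMPLE', 9001);
define("AUDITLOG_HYPOTHETICAL_TYPE", 32);
"""
SAMPLE_LOG = """
2017-04-17 05:08:02 - Nagios XI [32] system:localhost - cmdsubsys: User submitted a command to the subsystem (ID=1100)
2017-04-17 05:09:10 - Nagios XI [32] system:localhost - cmdsubsys: User submitted a command to the subsystem (ID=4242)
"""

def load_command_names(php_source):
    """Map numeric command id -> list of COMMAND_ constant names."""
    names = {}
    for line in php_source.splitlines():
        m = DEFINE_RE.match(line)  # anchored, so commented-out defines are skipped
        if m:
            names.setdefault(int(m.group(2)), []).append(m.group(1))
    return names

def annotate_line(line, names):
    """Append the constant name(s) to every (ID=n) token; flag unmapped ids."""
    def repl(m):
        found = names.get(int(m.group(1)))
        return "(ID=%s %s)" % (m.group(1), "|".join(found) if found else "UNKNOWN")
    return ID_RE.sub(repl, line)

def annotate_log(log_text, names):
    """Annotate every non-blank line of an audit log."""
    return [annotate_line(l, names) for l in log_text.splitlines() if l.strip()]

if __name__ == "__main__":
    # Usage: script.py <constants.inc.php> <auditlog.log>; no arguments runs the samples.
    if len(sys.argv) == 3:
        with open(sys.argv[1], errors="replace") as f:
            constants = f.read()
        with open(sys.argv[2], errors="replace") as f:
            log = f.read()
    else:
        constants, log = SAMPLE_CONSTANTS, SAMPLE_LOG
    for out in annotate_log(log, load_command_names(constants)):
        print(out)
```

Lines that come back tagged UNKNOWN carry an ID with no matching `COMMAND_` define in the constants file that was read, which is worth reviewing when the output feeds an audit report.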
bheden
Product Development Manager
Posts: 179
Joined: Thu Feb 13, 2014 9:50 am
Location: Nagios Enterprises

Re: Audit Log questions

Post by bheden »

In regards to a "verbose mode", I've submitted that as a feature request for a future release of XI. I've even given it a +1!
SteveBeauchemin
Posts: 524
Joined: Mon Oct 14, 2013 7:19 pm

Re: Audit Log questions

Post by SteveBeauchemin »

Thanks, that is helpful.

Now I just need to figure out what

define("COMMAND_NAGIOSXI_SET_HTACCESS", 1100);

means

Thank you Developer Bryan...

Steve B
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Audit Log questions

Post by dwhitfield »

Probably just part of an Apply Config. Do you need more info than that?
bheden
Product Development Manager
Posts: 179
Joined: Thu Feb 13, 2014 9:50 am
Location: Nagios Enterprises

Re: Audit Log questions

Post by bheden »

SET_HTACCESS is used to update the core htaccess file so that whoever is specified as the command's payload has access to the core install on the XI box.
SteveBeauchemin
Posts: 524
Joined: Mon Oct 14, 2013 7:19 pm

Re: Audit Log questions

Post by SteveBeauchemin »

Thanks for the info people. You are all so well educated, smart and pretty. :lol:
I hope to see you at a Nagios conference again at some point in the future.

Feel free to close this.

Thanks

Steve B