Quick action audit logs

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent
Contact:
Contact WillemDH

Quick action audit logs

Post by WillemDH »

Hello,

Is it logged somewhere when a user executes a quick action? Imho it would be a nice addition to add the quick actions usage to the Nagios XI audit logs?

Grtz

Willem
Nagios XI 5.8.1
https://outsideit.net
Top
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Quick action audit logs

Post by cdienger »

Tested on 5.5.8, the option to disable/enable host notifications make entries to the audit log:

cmdsubsys: User submitted a command to Nagios Core: ENABLE_HOST_NOTIFICATIONS;localhost
cmdsubsys: User submitted a command to Nagios Core: DISABLE_HOST_NOTIFICATIONS;localhost

as is the force check:

cmdsubsys: User submitted a command to Nagios Core: SCHEDULE_FORCED_HOST_CHECK;localhost;1546882000

The ping, connect, and traceroute actions(found on the host) don't make entries to the audit log but, being web requests, they would appear in the apache logs(/var/log/httpd):

access_log:1.2.3.4 - - [07/Jan/2019:11:33:35 -0600] "GET /nagiosxi/includes/components/rdp/gordp.php?confirm=1&hostid=146&address=127.0.0.1 HTTP/1.1" 200 ...

access_log:1.2.3.4 - - [07/Jan/2019:11:33:36 -0600] "GET /nagiosxi/includes/components/tracerouteaction/traceroute.php?host=127.0.0.1&cmd=go HTTP/1.1" 200 ...

access_log:1.2.3.4 - - [07/Jan/2019:11:38:37 -0600] "GET /nagiosxi/includes/components/pingaction/ping.php?host=127.0.0.1&cmd=go HTTP/1.1" 200 ...
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent
Contact:
Contact WillemDH

Re: Quick action audit logs

Post by WillemDH »

Thanks for the info. I was actually referring to custom command quick actions not the builtin ones.

I found that custom actions access url's start with:
/nagiosxi/includes/components/actions/runcmd.php?action=20&uid=70As7r&host=servername&service=servicename
What is missing in the apache logs is the user executing the quick action. Only the ip address is available. Any chance this could be added to the audit logs including the user executing the quick action?

Grtz

Willem
Nagios XI 5.8.1
https://outsideit.net
Top
npolovenko
Support Tech
Posts: 3457
Joined: Mon May 15, 2017 5:00 pm

Re: Quick action audit logs

Post by npolovenko »

@WillemDH , You are referring to custom actions created in the Custom Actions Component, right?
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

We're planning on adding more XI GUI/Backend CCM integrations in XI 6. This would be a good idea for a feature request.
I can submit it on your behalf if you'd like. Please keep in mind that the final decision to implement the enhancement is at the discretion development team.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent
Contact:
Contact WillemDH

Re: Quick action audit logs

Post by WillemDH »

Yes I'm indeed referring to custom actions created in the actions component. Please submit the feature request, adn you can close this thread then. :)
Nagios XI 5.8.1
https://outsideit.net
Top
User avatar
lmiltchev
Bugs find me
Posts: 13589
Joined: Mon May 23, 2011 12:15 pm

Re: Quick action audit logs

Post by lmiltchev »

The feature request has been submitted. I am locking this topic. Thanks!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
Locked

Return to “Nagios XI”