Nagios Support Forum

Posted: **Wed Aug 06, 2014 1:33 am**

Nagios XI 2014R1.2 Ent Edition

Can you please advice where I can see the full user activity?
Activity like running reports etc is not shown in the audit log?

Thanks

Posted: **Wed Aug 06, 2014 8:09 am**

You are correct, the audit log will only log logins and changes to the system.

the only way to see user activity (like what page they viewed) would be to analyze the httpd access_log at

Code: Select all

/var/log/httpd/access_log

Posted: **Wed Aug 06, 2014 6:15 pm**

scottwilkerson wrote:You are correct, the audit log will only log logins and changes to the system.

the only way to see user activity (like what page they viewed) would be to analyze the httpd access_log at
Code: Select all
/var/log/httpd/access_log

Most of the user id is blank in the logs, any idea why

Code: Select all

10.17.19.229 - - [07/Aug/2014:07:04:34 +0800] "POST /nagiosxi//backend/ HTTP/1.1" 200 1527462 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
::1 - - [07/Aug/2014:07:04:42 +0800] "POST /nagiosxi/backend/ HTTP/1.1" 200 815 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
10.17.19.229 - - [07/Aug/2014:07:04:35 +0800] "POST /nagiosxi//backend/ HTTP/1.1" 200 24717947 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
10.17.19.229 - - [07/Aug/2014:07:04:44 +0800] "POST /nagiosxi//backend/ HTTP/1.1" 200 1591 "-" "BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)"
10.17.38.4 - - [07/Aug/2014:07:04:48 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 - "http://10.17.19.235/nagiosxi/index.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
10.17.38.4 - - [07/Aug/2014:07:04:48 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_tray_alert_html%22%2C%22args%22%3A%22%22%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 - "http://10.17.19.235/nagiosxi/index.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
10.17.38.4 - - [07/Aug/2014:07:04:51 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_host_status_summary_html%22%2C%22args%22%3A%7B%22nsp%22%3A%22d47db648d7d52bc5fc15fdc60e636892%22%2C%22iframe_width%22%3A%22603%22%2C%22iframe_height%22%3A%2291%22%7D%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 1755 "http://10.17.19.235/nagiosxi//includes/page-home-main.php?&=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"
10.17.38.4 - - [07/Aug/2014:07:04:51 +0800] "GET /nagiosxi/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_service_status_summary_html%22%2C%22args%22%3A%7B%22nsp%22%3A%22d47db648d7d52bc5fc15fdc60e636892%22%2C%22iframe_width%22%3A%22369%22%2C%22iframe_height%22%3A%2283%22%7D%7D&nsp=1e581ba2381c741c3a5f7c5868d2d6dd HTTP/1.1" 200 2074 "http://10.17.19.235/nagiosxi//includes/page-home-main.php?&=" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2)"

Posted: **Thu Aug 07, 2014 10:12 am**

httpd will log requests (among other things). From apache's POV, all connections are through a socket to an ip, not a user (as that is usually handled closer to the web-app layer).
Thus, you will see ports and ips in the log, not web users.

Nagios Support Forum

Nagios User Activity

Nagios User Activity

Re: Nagios User Activity

Re: Nagios User Activity

Re: Nagios User Activity