More information in logs

Posted: Mon Dec 14, 2015 9:44 am
by BanditBBS
So, I have all my XI logs being shipped off to NLS and it just came in handy to find some downtime start and stop messages. Here is my question for a dev:

Would it be possible to add just a bit more information to log entries? i.e. User that scheduled downtime, user that cancelled downtime. This would need done in Core I'm sure so I'll go throw up a feature request on core's tracker, I just wanted to see if it is doable before I even get my hopes up :)

Re: More information in logs

Posted: Mon Dec 14, 2015 10:09 am
by tmcdonald
Certainly possible, yea. Though to be fair a feature request of "User that scheduled downtime, user that cancelled downtime" is likely going to be limited to just those two things. Either of us can make the request, just make sure to either put in all the (related) requests at once or let me know and we'll handle it on our end.

One thing to note is that it might not be a quick change, since the reports (and other things potentially) would need to be updated to deal with the new log format.

Re: More information in logs

Posted: Mon Dec 14, 2015 10:35 am
by lgroschen
If you mean the audit log that can be toggled to write the XI logs to a file then definitely! I'll add a task into TPS right now and make the update in nagioscore to write when the downtime is scheduled in the status.php page. Also, if you're using a component to do any actions like schedule downtime you can add this functionality into the component. Here is the information you will need to do that.

Add this command right when you want the audit log write to be triggered (usually in a part of the code where the 'successful' output/checks will run):

Code:

send_to_audit_log("Nagios XI auditlog: writing to file enabled.", AUDITLOGTYPE_CHANGE);

You can also add a username into the message by concatenating anywhere in the message section which is the first argument.

Here are the constants for the second argument in the above command, they define what type of command was executed. This could be very helpful for sorting or filtering in Log Server. It is located in constants.inc.php:

Code:

define("AUDITLOGTYPE_NONE",0);
define("AUDITLOGTYPE_ADD",1); // adding objects / users
define("AUDITLOGTYPE_DELETE",2); // deleting objects / users
define("AUDITLOGTYPE_MODIFY",4); // modifying objects / users
define("AUDITLOGTYPE_MODIFICATION",4); // modifying objects / users
define("AUDITLOGTYPE_CHANGE",8); // changes (reconfiguring system settings)
define("AUDITLOGTYPE_SYSTEMCHANGE",8); // changes (reconfiguring system settings)
define("AUDITLOGTYPE_SECURITY",16); // security-related events
define("AUDITLOGTYPE_INFO",32); // informational messages
define("AUDITLOGTYPE_OTHER",64); // everything else

You could easily add new types for however you want to organize these, but the above are reserved. Remember if you edit this file it will be overwritten during upgrade so make yourself a backup.
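
Added example (not part of the post above and not Nagios XI's own code): a component-side wrapper around the send_to_audit_log() call shown above that records who scheduled or cancelled downtime, and strips control characters from each field so a crafted value cannot forge extra entries once the log is shipped to Log Server. The helper names audit_field() and audit_downtime(), the message layout, and the stand-in definitions at the top are assumptions made for illustration.

```php
<?php
// Stand-ins so the snippet runs outside Nagios XI. Inside XI the constant
// comes from constants.inc.php and the function from the product itself.
if (!defined('AUDITLOGTYPE_CHANGE')) {
    define('AUDITLOGTYPE_CHANGE', 8);
}
if (!function_exists('send_to_audit_log')) {
    function send_to_audit_log($message, $type)
    {
        // Stand-in only: print instead of writing the XI audit log.
        echo "[type=$type] $message\n";
    }
}

// Hypothetical helper: make a user-influenced value safe to embed in a
// single-line log message (no control characters, no quotes, bounded length).
function audit_field($value, $max = 64)
{
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    $clean = str_replace('"', "'", trim($clean));
    return $clean === '' ? '-' : substr($clean, 0, $max);
}

// Hypothetical helper: record who scheduled or cancelled downtime.
function audit_downtime($action, $username, $host, $service = '')
{
    if (!in_array($action, array('scheduled', 'cancelled'), true)) {
        throw new InvalidArgumentException('unknown downtime action');
    }
    $message = sprintf(
        'Downtime %s: user="%s" host="%s" service="%s"',
        $action,
        audit_field($username),
        audit_field($host),
        audit_field($service)
    );
    send_to_audit_log($message, AUDITLOGTYPE_CHANGE);
    return $message;
}

// Constructed sample values. In a component the username should come from
// the authenticated session, never from a request parameter.
audit_downtime('scheduled', 'jdoe', 'web01', 'HTTP');
audit_downtime('cancelled', "jdoe\nNagios XI auditlog: forged line", 'web01');
```

The second call shows the embedded newline collapsed to a space, so the entry stays on one line and every value stays inside its quoted field.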

Re: More information in logs

Posted: Mon Dec 14, 2015 10:53 am
by BanditBBS
Luke,

Yea, if you get that added so it'd show better in the audit log, I think that'd solve my issues. I'm going to also have a look at what you mentioned about the components I'm using (as time permits).

Thanks...you guys can close this!

Re: More information in logs

Posted: Mon Dec 14, 2015 11:21 am
by lgroschen
Just let me know if you need a hand with the component! Locking.