We have many teams in our enterprise that would like to use functions of the external/core commands to start/stop monitoring, add comments, disable event handlers, etc. However, we require the ability to audit the commands these teams are running. We have been testing the “core system” APIs and we notice that there is nothing in the audit log indicating that a user issued a command. Is there a way to get auditing from this API?
1. Linux Distribution and version?
Operating System: Red Hat Enterprise Linux
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.5:GA:server
Kernel: Linux 3.10.0-957.el7.x86_64
2. 32 or 64bit?
Architecture: x86-64
3. VMware Image or Manual Install of XI?
Manual Install Nagios XI 5.5.7
4. Are there special configurations on your system, i.e., is Gnome installed? Are you using a proxy? Are you using SSL?
We are using SSL
Thank you in advance.
Auditing the core system API
Re: Auditing the core system API
This functionality will be added in Nagios XI 5.6.0, which will be released sometime in Q1 of 2019. You will be able to see in the audit log the actual commands that were submitted (instead of ID=xxx), and the user who submitted them.