We ran into an issue over the last few days where Nagios would reload seemingly randomly and all kinds of items, from contacts to check times would be all hosed up. We stumble on the source of the issue this afternoon when we found a user was making changes to their systems, adding and removing contacts, time frames, and doing really strange things (like setting the polling interval at 15 minutes, but setting the retries at 30 minutes and the notifications at 1 minute, etc.)
We had to remove users ability to access the config tab, since we have dozens of teams that can potentially wreck havoc with their configs, and since they apply every time they make a change, it can cause us issues as well.
Is there a way to audit user logins, times, and potentially config changes? The httpd access.log does not really give us what we need here... and the NagiosQL Log log doesn't seem to either from what I can see. I didnt see the user's login during any of the three days this was going on.
Audit user logins and actions
Audit user logins and actions
--
Griffin Wakem
Griffin Wakem
Re: Audit user logins and actions
2012 Enterprise edition is going to have built-in audit logging of all logins, configuration changes, and administrative changes. Currently the Core Configuration manager does log config changes, but it's based on the CCM account, and I don't remember off hand how long it will hold the log data. Check the CCM's Admin area for the logbook page.