Audit user logins and actions
Posted: Thu Sep 27, 2012 5:41 pm
We ran into an issue over the last few days where Nagios would reload seemingly randomly and all kinds of items, from contacts to check times would be all hosed up. We stumble on the source of the issue this afternoon when we found a user was making changes to their systems, adding and removing contacts, time frames, and doing really strange things (like setting the polling interval at 15 minutes, but setting the retries at 30 minutes and the notifications at 1 minute, etc.)
We had to remove users ability to access the config tab, since we have dozens of teams that can potentially wreck havoc with their configs, and since they apply every time they make a change, it can cause us issues as well.
Is there a way to audit user logins, times, and potentially config changes? The httpd access.log does not really give us what we need here... and the NagiosQL Log log doesn't seem to either from what I can see. I didnt see the user's login during any of the three days this was going on.
We had to remove users ability to access the config tab, since we have dozens of teams that can potentially wreck havoc with their configs, and since they apply every time they make a change, it can cause us issues as well.
Is there a way to audit user logins, times, and potentially config changes? The httpd access.log does not really give us what we need here... and the NagiosQL Log log doesn't seem to either from what I can see. I didnt see the user's login during any of the three days this was going on.