Logging user actions

Alexander Amelkin a.amelkin at yadro.com
Mon May 28 22:00:06 AEST 2018


Hi all!

Customers ask us for extensive user action logging. That is, they want
to log everything that a user may change in the system. They want to
know who, how (via which interface) and when changed what. That includes
but is not limited to network configuration, host power on/off, reboots,
power restoration policy changing, firmware updates, user
addition/deletion and password changing, et al. 

We could listen for dbus signals and log most of that, but that way we
wouldn't know whether a user made a change or that was some internal
work. Additionally, that would yield an enormous amount of data logged
if we just log every property change. We could limit logging to a
predefined subset of properties, but when later the community adds a new
crucial property, we could miss it in our logs.

We could log requests at each user interface (thankfully, we don't allow
shell access for users), but that would mean having copies of the same
logic in different subsystems, which is error prone, plus those copies
will definitely diverge with time.

Does anyone have any idea on how to best implement such a requirement?

Alexander Amelkin
YADRO


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20180528/0979a731/attachment.sig>


More information about the openbmc mailing list