Logging user actions

Deepak Kodihalli dkodihal at linux.vnet.ibm.com
Thu May 31 00:09:50 AEST 2018


On 28/05/18 5:30 pm, Alexander Amelkin wrote:
> Hi all!
> 
> Customers ask us for extensive user action logging. That is, they want
> to log everything that a user may change in the system. They want to
> know who, how (via which interface) and when changed what. That includes
> but is not limited to network configuration, host power on/off, reboots,
> power restoration policy changing, firmware updates, user
> addition/deletion and password changing, et al.
> 
> We could listen for dbus signals and log most of that, but that way we
> wouldn't know whether a user made a change or that was some internal
> work. Additionally, that would yield an enormous amount of data logged
> if we just log every property change. We could limit logging to a
> predefined subset of properties, but when later the community adds a new
> crucial property, we could miss it in our logs.
> 
> We could log requests at each user interface (thankfully, we don't allow
> shell access for users), but that would mean having copies of the same
> logic in different subsystems, which is error prone, plus those copies
> will definitely diverge with time.
> 
> Does anyone have any idea on how to best implement such a requirement?


phosphor-dbus-monitor has event monitoring support. You can specify via 
build-time config (YAML files) what D-Bus interfaces/properties you're 
interested in, and a corresponding "event" D-Bus object is created under 
the /events/<event_category>/ namespace. This was implemented via
https://github.com/openbmc/openbmc/issues/2254.

This doesn't address all of the concerns you've mentioned above in terms 
of the amount of data that can be logged. It helps specify the 
properties of interest though, and the event D-Bus objects are persisted 
up to a certain limit.

> Alexander Amelkin
> YADRO
> 
> 

Regards,
Deepak
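
The trade-off discussed in this thread (a fixed watch list, bounded event storage, and the risk of missing a property nobody listed), sketched as an added example that is not part of either message and is not phosphor-dbus-monitor's code. The watch list, `EventStore`, the categories and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, deque

# Assumed watch list, standing in for a build-time config:
# D-Bus interface -> (event category, properties of interest). Sample values.
WATCH = {
    "xyz.openbmc_project.State.Host": ("power", {"RequestedHostTransition"}),
    "xyz.openbmc_project.Control.Power.RestorePolicy": ("policy", {"PowerRestorePolicy"}),
}

class EventStore:
    """Keeps at most `limit` events per category and counts what it did not record."""

    def __init__(self, limit):
        self.limit = limit
        self.events = {}            # category -> deque of event dicts
        self.unwatched = Counter()  # (interface, property) -> times seen

    def on_properties_changed(self, ts, path, interface, changed):
        category, props = WATCH.get(interface, (None, frozenset()))
        for name, value in changed.items():
            if name not in props:
                self.unwatched[(interface, name)] += 1
                continue
            # The signal names the emitting service, not the requesting user,
            # so the event has no "who" field to fill in.
            queue = self.events.setdefault(category, deque(maxlen=self.limit))
            queue.append({"ts": ts, "path": path, "property": name, "value": value})

    def coverage_gaps(self, noisy=()):
        """Unrecorded properties, minus interfaces known to be internal noise."""
        return sorted(k for k in self.unwatched if k[0] not in noisy)

# Constructed sample records: (time, object path, interface, changed properties).
HOST = "/xyz/openbmc_project/state/host0"
SENSOR = "/xyz/openbmc_project/sensors/temperature/ambient"
SAMPLE = [
    (1, HOST, "xyz.openbmc_project.State.Host", {"RequestedHostTransition": "On"}),
    (2, SENSOR, "xyz.openbmc_project.Sensor.Value", {"Value": 23.5}),
    (3, SENSOR, "xyz.openbmc_project.Sensor.Value", {"Value": 23.6}),
    (4, HOST, "xyz.openbmc_project.State.Host", {"RequestedHostTransition": "Off"}),
    (5, HOST, "xyz.openbmc_project.State.Host", {"RequestedHostTransition": "Reboot"}),
    (6, "/xyz/openbmc_project/network/eth0",
     "xyz.openbmc_project.Network.EthernetInterface", {"DHCPEnabled": False}),
    (7, "/xyz/openbmc_project/control/host0/power_restore_policy",
     "xyz.openbmc_project.Control.Power.RestorePolicy", {"PowerRestorePolicy": "AlwaysOn"}),
]

def replay(records, limit):
    store = EventStore(limit)
    for rec in records:
        store.on_properties_changed(*rec)
    return store
```

Replaying `SAMPLE` with `limit=2` drops the oldest power event, and `coverage_gaps` surfaces the network property that the watch list never named.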


