Audit users actions within nagios

Richard Savage richard at newnet.co.uk
Thu Nov 13 12:03:06 CET 2008


Hugo van der Kooij wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andreas Ericsson wrote:
>   
>> Richard Savage wrote:
>>     
>>> I think you might have misunderstood.  Im not interested in what actions
>>> are performed on the actual box, as they cant log into that, im
>>> interested in what actions are performed within the Nagios program.
>>>
>>>       
>> Following your apache log will tell you who visited which page. It won't
>> show POST data and such though, but it'll get you started.
>>
>> There's no way of getting enough info to essentially be able to replay
>> the users' actions, and nor will there be within the foreseeable future
>> (unless you patch it to do that, ofcourse).
>>     
>
> Hold on. Given that a normal user is unable to login locally and change
> config files. The actions available to the users are limited. And to the
> best of my knowledge things like acknowledgements, scheduling downtime
> and sure are pretty well recorded in the logs.
>
> Or am I missing something here?
>
> Hugo.
>
> PS: Darn list makes it darn impossible to respond to the list.
>
>   
Yes they are recorded in the logs, but no username is recorded with it.  
It just says, External command or something like that, it wont say which 
user has done it?  Unless im going blind.

Thanks

rich

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list