-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auditing Codenvy #581
Comments
Is it mean that user should see HTML code in output of CLI? Usually, reports in terminal are displaying as a list of "key: value", in a JSON format or something like that. |
We should dump the information into CSV or equivalent. HTML is not a requirement. How do other audits work on Tomcat? text file is fine. |
@tolusha yes, it's a customer request. @dmytro-ndp, my thought had been to output a file in HTML but text or CSV is fine too if the information is readable. |
Is this issue on IM CLI ? |
It it doesn't even need to be that. We can generate an audit log file and just keep it current. We can just tell admin the name of the file. |
@vkuznyetsov means if it should be IM CLI command |
Cli is not necessary. We can just dump the data into a log file as the access happens - similar to an Apache log file. We can have multiple log files with different audit data if necessary. So the docs would just show where these audit logs are at and admin can grab them at any time. |
@TylerJewell Who and how can initiate the Audit Report? I thought this report should created by IM command. |
do you mean that Codenvy on-prem should collect log of creation/deletion of workspace, user creation and other info in separate file say audit.log in addition to /home/codenvy/tomcat/logs/catalina.out - list of log entry like the follow:
and then admin should be able to read such audit log and then admin will prepare report in convenient view? |
Oh my god - sorry @tolusha @vkuznyetsov - I got my thoughts mixed up with another issue. It's too early in the morning and I haven't had tea yet. Yes, you are both correct - this needs to be "codenvy audit" with CLI. And then we dump output into a file. |
@bmicklea |
Date of the last access by any user is perfect. |
@bmicklea @vkuznyetsov - actually, Brad, I think it's the opposite. What the audit report is showing is the list of all workspaces for each user. So it may show something like:
The is specifically when USERA accessed WS1. |
Unfortunately we don't store last access date of every user to workspace. |
Please add a sub issue for tracking around workspace access log. I think the data to collect would be similar to what an HTTP access log might contain. It would include the user name, IP address, time-date stamp of access, and maybe type of access. Now since each user interacts with a ws independently, to keep things simpler we could just log all of the access to a particular workspace that is done through our central system, such as first authentication. I am unsure how much traffic flows through our routers from an access point of view? |
Is it another type of audit output besides the one mentioned in the issue? |
I think so yes. This new one is more of a continuing log file that records access each time a user activity occurs. I suppose we could log this in our database and provide a CLI or treat it similar to how Apache generates an access log. Then once this was there we could reuse the information in such a log to build a stronger Codenvy audit report that is part of the original definition of this issue. |
Log any kind of activity - is too unclear and might be excessively. |
It may be excessive agreed. Ok to separate the analysis. Separately - do we get a list of all access to a single workspace? There could be a users view which lists all of their access to any workspace. Or an admin might choose a single workspace and ask for all access to it from any user. |
Right now we can have (actually store it) only data about accessing workspace without binging it to specific user. |
removed. |
@tolusha can you send me a sample report please? I need it for my CheConf presentation. |
@bmicklea: here an example:
@eivantsov: it seems we need to add info bout audit CLI command to our documentation. |
@dmytro-ndp thx |
Thanks On Mon, Nov 7, 2016 at 12:23 PM, Anatoliy Bazko notifications@github.com
Brad Micklea | Operations | bmicklea@codenvy.com | 416.707.0792 |
Codenvy should provide a default audit report that would include:
Per Install Information
Per User Information
For each workspace the user has permissions to show a table with each workspace on a row:
The report should be output in a tabular format, and into a text file.
Update:
User should login using "codenvy login" command before executing audit command. It is needed to get access to Organization API. To do this, next issue should be resolved (#667).
Update:
Depens on: #599
The text was updated successfully, but these errors were encountered: