Audit event filter

[pki-bot]

This issue was migrated from Pagure Issue #2689. Originally filed by edewata (@edewata) on 2017-05-16 11:54:30:

• Closed at 2017-10-16 19:57:48 as fixed
• Assigned to edewata (@edewata)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1445532
  • https://bugzilla.redhat.com/show_bug.cgi?id=1404075

---

In PKI 10.5 some audit events are being split into different events based on the outcome to allow the admin to log specific outcomes only (e.g. cert request processing failures only). See the following tickets:

• https://pagure.io/dogtagpki/issue/2647
• https://pagure.io/dogtagpki/issue/2648
• https://pagure.io/dogtagpki/issue/2649

Instead of that, it might be better to provide an audit event filter mechanism such that the admin can specify a logging criteria for each audit event without splitting the event itself. For example:

log.instance.SignedAudit.filters.CERT_REQUEST_PROCESSED=(&(Outcome=Failure)(ClientIP!=localhost))

[pki-bot]

Comment from edewata (@edewata) at 2017-05-16 12:28:52

Metadata Update from @edewata:

• Custom field component adjusted to General
• Custom field feature adjusted to ''
• Custom field origin adjusted to Community
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field type adjusted to defect
• Custom field version adjusted to ''
• Issue priority set to: major
• Issue set to the milestone: 10.4

[pki-bot]

Comment from edewata (@edewata) at 2017-06-20 12:14:39

Metadata Update from @edewata:

• Issue priority set to: critical (was: major)

[pki-bot]

Comment from edewata (@edewata) at 2017-06-27 23:16:56

http://pki.fedoraproject.org/wiki/PKI_10.5_Audit_Event_Filter

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-28 19:06:47

Metadata Update from @mharmsen:

• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1404075, https://bugzilla.redhat.com/show_bug.cgi?id=1445532

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-03 19:26:57

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.5 (was: 10.4)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-31 00:52:47

Metadata Update from @mharmsen:

• Issue priority set to: major (was: critical)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-09-25 17:58:29

Per CS/DS Meeting 09/25/2017: 10.5 blocker

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-09-25 17:58:31

Metadata Update from @mharmsen:

• Issue priority set to: blocker (was: major)

[pki-bot]

Comment from edewata (@edewata) at 2017-09-28 17:07:51

Metadata Update from @edewata:

• Issue assigned to edewata

[pki-bot]

Comment from edewata (@edewata) at 2017-10-02 11:03:14

Depends on LDAP JDK enhancement:
https://bugzilla.mozilla.org/show_bug.cgi?id=1376300

[pki-bot]

Comment from edewata (@edewata) at 2017-10-16 19:57:10

Fixed in master:

• 12cbc3a

[pki-bot]

Comment from edewata (@edewata) at 2017-10-16 19:57:50

Metadata Update from @edewata:

• Issue close_status updated to: fixed
• Issue set to the milestone: 10.5.0 (was: 10.5)
• Issue status updated to: Closed (was: Open)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-17 15:05:15

commit 99de9b0
Author: Endi S. Dewata edewata@redhat.com
Date: Fri Oct 13 19:05:04 2017 +0200

Updated LDAPJDK dependency.

The pki-core.spec has been updated to require the LDAPJDK version
that provides the new getter methods.

https://pagure.io/dogtagpki/issue/2689

Change-Id: I89e380f18696ac7a0e697f710c1f5d399d045098

commit d20a823 (HEAD -> master, origin/master, origin/HEAD, gerrit/master)
Author: Matthew Harmsen mharmsen@redhat.com
Date: Tue Oct 17 12:27:25 2017 -0600

Updated LDAPJDK dependency.

The pki-console.spec has been updated to require the LDAPJDK version
that provides the new getter methods.

https://pagure.io/dogtagpki/issue/2689

Change-Id: I5f1e95cabe29b18061c13fef08e6419649bd28a4