Audit Logging for the SwiftStack Controller¶
Messages¶
For auditing purposes, certain events need to be logged by SwiftStack Controller On-Premises controllers. Events that seem to be normal operation are logged at the INFO level, while ones that seem to be abnormal are logged as WARNING. Changing the audit logging level is logged as CRITICAL (thus always logged).
These events include:
Warnings:
- Attempting to use an invalid invite code
- Being prevented from changing roles for a user
- Being prevented from changing roles for an invitation
- Being prevented from creating an invitation
- Being prevented from deleting a user
- Being prevented from creating an API key
- Being prevented from deleting an API key
Informational messages:
- Login succeeded
- Logout succeeded
- Login attempt failed
- Invite code claimed
- User created
- Changed roles for user
- Changed roles for invitation
- Created invitation
- Deleted user
- Created an API key
- Deleted an API key
Configuration¶
You can either have audit messages logged go to a local file, or they can be
sent to syslog for more complex routing. By default, audit messages are
logged to the local file, /opt/ss/var/log/ssaudit.log
.
To route to a local file:
On the Controller Networking configuration page,
under Audit Logging, set "Where to log SwiftStack Controller audit data" to
a string of the form file:<path>
where <path>
is a path to a local
file on disk. Then click "Save Changes".
To route to syslog:
On the Controller Networking configuration page,
under Audit Logging, set "Where to log SwiftStack Controller audit data" to
a string of the form syslog[:<system name or ip>[:<port>[:<facility>]]]
where <system name or ip>
is the hostname or IP address of your syslog
server, <port>
is an optional port, and <facility>
is the syslog
facility to use when sending the messages. Then click "Save Changes".
If not specified, the system is localhost
, the port is 514, and the
facility is LOCAL0
.
The logging level of audit messages is also configured on the Controller Networking configuration page, under Audit Logging.