[Spacewalk-list] Audit logs in GUI

Sam Caise sam.caise at invade.net
Thu Jun 25 11:43:20 UTC 2015


Hi All,

I appear to be having a problem exporting auditd logs into the Spacewalk 
front end.

I have followed the necessary steps as listed on the wiki:

https://fedorahosted.org/spacewalk/wiki/AuditReviewing

But the page still appears to be blank after configuration. Below I have 
listed the current setup:

1. /etc/rhn/rhn.conf has been configured to point to the audit logdir:

[root@spacewalk audit]# tail -n2 /etc/rhn/rhn.conf
# enable audit logging
web.audit.logdir = /var/satellite/systemlogs

2. Directories created for the test host (in this case the spacewalk 
host itself):

[root@spacewalk audit]# ls -la /var/satellite/systemlogs/
total 0
drwxr-xr-x 4 tomcat tomcat 38 Jun 25 10:17 .
drwxr-xr-x 6 apache root   60 Jun 25 12:27 ..
drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 localhost

Audit directory is present:

[root@spacewalk audit]# ls -la /var/satellite/systemlogs/localhost/
total 0
drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 .
drwxr-xr-x 4 tomcat tomcat 38 Jun 25 10:17 ..
drwxr-xr-x 2 tomcat tomcat 42 Jun 25 12:17 audit

And the audit log (parsed with aup.c) is present also:

[root@spacewalk audit]# ls -la /var/satellite/systemlogs/localhost/audit/
total 3692
drwxr-xr-x 2 tomcat tomcat      42 Jun 25 12:17 .
drwxr-xr-x 3 tomcat tomcat      18 Jun 25 10:17 ..
-rw-r--r-- 1 tomcat tomcat  348542 Jun 25 12:16 audit1.parsed


I have tried setting the ownership/group to both "apache" and "tomcat" 
but this does not appear to help.

3. Finally, the following command was run previously (before changing 
ownership to tomcat) as listed by the wiki:

[root@spacewalk audit]# namei -m /var/satellite/systemlogs/localhost/audit/
f: /var/satellite/systemlogs/localhost/audit/
  dr-xr-xr-x /
  drwxr-xr-x var
  drwxr-xr-x satellite
  drwxr-xr-x systemlogs
  drwxr-xr-x localhost
  drwxr-xr-x audit

The logs for tomcat, httpd and auditd show no related errors.

Despite the above, no audit logs are displayed on the front end. Does 
anyone have any ideas as to why this could be?

Kind Regards,
Sam Caise

-- 

------------------------------

InVADE International Ltd, Orchard Street Business Centre, 13-14 Orchard Street, Bristol, BS1 5EH

Company Registration Number: 3660482 Registered in England and Wales 
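
The permission checks in the message above (the `namei -m` walk and the `ls -la` listings) can be evaluated for an arbitrary account rather than for the user running them. This is an added example, not part of the original post or of Spacewalk: the function names are hypothetical, the `<logdir>/<host>/audit/*.parsed` layout is taken from the listings in the post, and only mode bits are examined, so ACLs and SELinux are not covered.

```python
import os

# Constructed sample mirroring the rhn.conf lines quoted in the post.
SAMPLE_CONF = "# enable audit logging\nweb.audit.logdir = /var/satellite/systemlogs\n"

def logdir_from_conf(conf_text):
    """Return the web.audit.logdir value from rhn.conf text, or None."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "web.audit.logdir":
            return value.strip()
    return None

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit test; want is a mask such as 0o5 (r-x)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def audit_tree_problems(logdir, uid, gids):
    """Return (path, reason) pairs that would stop uid/gids reading the logs."""
    logdir = os.path.abspath(logdir)
    if not os.path.isdir(logdir):
        return [(logdir, "missing")]
    problems, parent = [], os.path.dirname(logdir)
    while True:  # ancestors need search (x) permission: the namei -m walk
        if not allowed(os.stat(parent), uid, gids, 0o1):
            problems.append((parent, "not searchable"))
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    dirs = [logdir]
    for host in sorted(os.listdir(logdir)):
        audit = os.path.join(logdir, host, "audit")
        if not os.path.isdir(audit):
            problems.append((audit, "missing"))
            continue
        dirs += [os.path.dirname(audit), audit]
        parsed = [f for f in sorted(os.listdir(audit)) if f.endswith(".parsed")]
        if not parsed:
            problems.append((audit, "no .parsed files"))
        for name in parsed:
            path = os.path.join(audit, name)
            if not allowed(os.stat(path), uid, gids, 0o4):
                problems.append((path, "not readable"))
    for d in dirs:  # the tree itself must be listable and searchable (r-x)
        if not allowed(os.stat(d), uid, gids, 0o5):
            problems.append((d, "not listable"))
    return problems
```

Pass the uid and the set of group ids of the account the web front end runs as; an empty result means the mode bits alone do not block that account.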
