Hi Peter, even if you monitor the configuration, how are you going to relate what changed to who changed it? I'm assuming you have multiple users with administration rights here.
There is no built-in way to do what you want, but the GeoServer API provides support for attaching listeners that can track configuration changes and verify who's making them at the same time. If your preference is to use an official version of GeoServer version, then my suggestion is that you go and develop a "configuration monitor" module, similar to the monitoring module, but based on config changes rather than requests. You can either: - Develop it yourself, asking for a community module spot, or if having it in nightly builds is not enough, but you need releases, work your way through the module graduation process and be long term maintainer for the module - Sponsor a commercial support provider to do the above on your behalf, see http://geoserver.org/support/ Cheers Andrea On Mon, Dec 3, 2018 at 1:29 PM Peter Smythe <g...@smythe.co.za> wrote: > Hi all > > We have a requirement to log any security changes to an audit table, being > those that control access to a particular layer, for example > add/delete/change: > > - Users > - Usergroups > - Roles > - Data (workspace and layer rules) > - Services (e.g. WFS transactions) > > Even with verbose logging, there is not enough logging in geoserver.log, > and we prefer to maintain a standard build, so I did not pursue this > further. > > I could periodically monitor the configuration via REST for any changes, > but how often? > > Another idea is to use linux filesytem audit tools (auditd) to monitor the > individual XML config files but I don't know if that can trigger a process > or log the actual changes/diffs to the config files. > > Lastly, based on https://github.com/rvoicilas/inotify-tools/wiki, writing > diffs of the XML config files should be possible. > > Has anyone else tackled a similar requirement? Do you have any other > suggestions? > > Thanks > > Peter > > _______________________________________________ > Geoserver-users mailing list > > Please make sure you read the following two resources before posting to > this list: > - Earning your support instead of buying it, but Ian Turton: > http://www.ianturton.com/talks/foss4g.html#/ > - The GeoServer user list posting guidelines: > http://geoserver.org/comm/userlist-guidelines.html > > If you want to request a feature or an improvement, also see this: > https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer > > > Geoserver-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-users > -- Regards, Andrea Aime == GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it ------------------------------------------------------- *Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia. This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.*
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users