Hi All,
I appear to be having a problem exporting auditd logs into the Spacewalk
front end.
I have followed the necessary steps as listed on the wiki:
https://fedorahosted.org/spacewalk/wiki/AuditReviewing
But the page still appears to be blank after configuration. Below I have
listed the current setup:
1. /etc/rhn/rhn.conf has been configured to point to the audit logdir:
[root@spacewalk audit]# tail -n2 /etc/rhn/rhn.conf
# enable audit logging
web.audit.logdir = /var/satellite/systemlogs
2. Directories created for the test host (in this case the spacewalk
host itself):
[root@spacewalk audit]# ls -la /var/satellite/systemlogs/
total 0
drwxr-xr-x 4 tomcat tomcat 38 Jun 25 10:17 .
drwxr-xr-x 6 apache root 60 Jun 25 12:27 ..
drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 localhost
Audit directory is present:
[root@spacewalk audit]# ls -la /var/satellite/systemlogs/localhost/
total 0
drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 .
drwxr-xr-x 4 tomcat tomcat 38 Jun 25 10:17 ..
drwxr-xr-x 2 tomcat tomcat 42 Jun 25 12:17 audit
And the audit log (parsed with aup.c) is present also:
[root@spacewalk audit]# ls -la /var/satellite/systemlogs/localhost/audit/
total 3692
drwxr-xr-x 2 tomcat tomcat 42 Jun 25 12:17 .
drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 ..
-rw-r--r-- 1 tomcat tomcat 348542 Jun 25 12:16 audit1.parsed
I have tried setting the ownership/group to both "apache" and "tomcat"
but this does not appear to help.
3. Finally, the following command was run previously (before changing
ownership to tomcat) as listed by the wiki:
[root@spacewalk audit]# namei -m /var/satellite/systemlogs/localhost/audit/
f: /var/satellite/systemlogs/localhost/audit/
dr-xr-xr-x /
drwxr-xr-x var
drwxr-xr-x satellite
drwxr-xr-x systemlogs
drwxr-xr-x localhost
drwxr-xr-x audit
The logs for tomcat,httpd and auditd show no related errors.
Despite the above no audit logs are displayed on the front end. Does
anyone have any ideas as to why this could be?
Kind Regards,
Sam Caise
--
------------------------------
InVADE International Ltd, Orchard Street Business Centre, 13-14 Orchard Street,
Bristol, BS1 5EH
Company Registration Number: 3660482 Registered in England and Wales
This email, and any attachment, is intended only for the attention of the
addressee. Its unauthorised use, disclosure, storage or copying is not
permitted. If you are not the intended recipient, please destroy all copies
and inform the sender by return email. If you have received this email in
error, please return it to the sender and highlight the error. We accept no
legal liability for the content of the message. Any opinions or views
presented are solely the responsibility of the author and do not
necessarily represent those of InVADE. We cannot guarantee that this
message has not been modified in transit, and this message should not be
viewed as contractually binding. Although we have taken reasonable steps to
ensure that this email and attachments are free from any virus, we advise
that in keeping with good computing practice the recipient should ensure
they are actually virus free.
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
