----- Original Message -----
> From: "Sam Caise" <[email protected]>
> To: [email protected]
> Sent: Thursday, June 25, 2015 1:43:20 PM
> Subject: [Spacewalk-list] Audit logs in GUI
>
> Hi All,
>
> I appear to be having a problem exporting auditd logs into the Spacewalk
> front end.
>
> I have followed the necessary steps as listed on the wiki:
>
> https://fedorahosted.org/spacewalk/wiki/AuditReviewing
>
> But the page still appears to be blank after configuration. Below I have
> listed the current setup:
>
> 1. /etc/rhn/rhn.conf has been configured to point to the audit logdir:
>
> [root@spacewalk audit]# tail -n2 /etc/rhn/rhn.conf
> # enable audit logging
> web.audit.logdir = /var/satellite/systemlogs
>
> 2. Directories created for the test host (in this case the spacewalk host
> itself):
>
> [root@spacewalk audit]# ls -la /var/satellite/systemlogs/
> total 0
> drwxr-xr-x 4 tomcat tomcat 38 Jun 25 10:17 .
> drwxr-xr-x 6 apache root 60 Jun 25 12:27 ..
> drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 localhost
>
> Audit directory is present:
>
> [root@spacewalk audit]# ls -la /var/satellite/systemlogs/localhost/
> total 0
> drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 .
> drwxr-xr-x 4 tomcat tomcat 38 Jun 25 10:17 ..
> drwxr-xr-x 2 tomcat tomcat 42 Jun 25 12:17 audit
>
> And the audit log (parsed with aup.c) is present also:
>
> [root@spacewalk audit]# ls -la /var/satellite/systemlogs/localhost/audit/
> total 3692
> drwxr-xr-x 2 tomcat tomcat 42 Jun 25 12:17 .
> drwxr-xr-x 3 tomcat tomcat 18 Jun 25 10:17 ..
> -rw-r--r-- 1 tomcat tomcat 348542 Jun 25 12:16 audit1.parsed

Hello,

The audit files are expected to have a name in format:
"audit-(\d+)-(\d+).parsed" - numbers are unix timestamps describing start and
end of searching interval.

>
>
> I have tried setting the ownership/group to both "apache" and "tomcat" but
> this does not appear to help.
>
> 3. Finally, the following command was run previously (before changing
> ownership to tomcat) as listed by the wiki:
>
> [root@spacewalk audit]# namei -m /var/satellite/systemlogs/localhost/audit/
> f: /var/satellite/systemlogs/localhost/audit/
> dr-xr-xr-x /
> drwxr-xr-x var
> drwxr-xr-x satellite
> drwxr-xr-x systemlogs
> drwxr-xr-x localhost
> drwxr-xr-x audit
>
> The logs for tomcat, httpd and auditd show no related errors.
>
> Despite the above no audit logs are displayed on the front end. Does anyone
> have any ideas as to why this could be?
>
> Kind Regards,
> Sam Caise
>

Regards,
--
Jan Dobes
Satellite Engineering, Red Hat
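
Added example, not part of the original thread: a shell check built on the name format given in the reply, listing which files under the audit log directory match "audit-(\d+)-(\d+).parsed". The function names and the start-not-after-end check are assumptions of this example; the <logdir>/<host>/audit/ layout is the one shown in the question.

```shell
#!/bin/sh
# Added example (not Spacewalk code): flag audit files whose names do not match
# the format from the reply, audit-(\d+)-(\d+).parsed, where the two numbers
# are unix timestamps for the start and end of the interval.

# classify_audit_name NAME -> prints "ok", "bad-name" or "bad-interval"
classify_audit_name() {
    name=$1
    # Pattern from the reply, anchored to the whole file name.
    if ! printf '%s\n' "$name" | grep -Eq '^audit-[0-9]+-[0-9]+\.parsed$'; then
        echo "bad-name"
        return 0
    fi
    rest=${name#audit-}      # "<start>-<end>.parsed"
    start=${rest%%-*}
    end=${rest#*-}
    end=${end%.parsed}
    # Assumption of this example: an interval must not start after it ends.
    if [ "$start" -gt "$end" ]; then
        echo "bad-interval"
    else
        echo "ok"
    fi
}

# check_audit_dir LOGDIR -> one "<status> <path>" line per file found in
# LOGDIR/<host>/audit/; returns 1 if any file is not "ok".
check_audit_dir() {
    logdir=$1
    rc=0
    for f in "$logdir"/*/audit/*; do
        [ -f "$f" ] || continue
        status=$(classify_audit_name "$(basename "$f")")
        printf '%s %s\n' "$status" "$f"
        [ "$status" = "ok" ] || rc=1
    done
    return "$rc"
}

# Run against a directory when one is given, e.g. the web.audit.logdir value.
if [ -n "${1:-}" ]; then
    check_audit_dir "$1"
fi
```

Run against the directory from the question, this reports audit1.parsed as bad-name.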
