Audit logs for user creation, deletion, login failures etc

Log all information related to the actions done by sensuctl for audit purposes

  1. What have you already tried? Please include links to gists and/or code blocks (if relatively small)
  • Currently, when running the backend in debug mode, we can see the logs being created; however, when creating a user, the logs do not show the name of the resource being created, only the user running the command/API call
  • RHEL 7.x does not write to a file; we have to grep from journalctl
  2. Tell us about your setup, this should include OS, version of Sensu, version of Sensu components (redis, rabbitmq), plugin versions (if applicable), anything special about your setup such as an airgapped network or strict ACLs
    OS: RHEL 6.x / 7.x
    Sensu-GO: 5.2.1
    Sensuctl is run from the same host as the backend

  3. Is there a GitHub issue related to your issue?
    N/A

  4. Is there anything else that can help us effectively help you?
    Write the information below to the log file or to a separate file called audit log or something similar
    a) User/group creation
    b) Creation of application roles/profiles
    c) Modification of roles/profiles
    d) Modification of user access rights
    e) Manual password reset (done by admin)
    f) Unsuccessful login (failure at logon)
    g) Successful login if required to support forensic purposes
    h) Account lockouts
    i) Manual log stoppage (log restart)
    j) Changes to authentication level
    k) Access control changes
    l) Key management/encryption changes

Hi @sureshs, we have an issue open about this which you can follow: https://github.com/sensu/sensu-go/issues/2719. We’ll update this issue as the engineers perform the review/implement audit logging.

Thanks, Aaron.
Will follow the GitHub issue.