Key Manager Audit Events
Object Action
ID: 1
Description: Object Action
Example:
Apr 11 17:55:56 keymanager audit(3633) INFO: AUDITED: 2012-04-11 17:55:56.491991 [system]: Object Action
Many To Many Action
ID: 2
Description: Many-to-many Action
Job Cancelled
ID: 10
Description: Job cancelled
Backend Started
ID: 100
Description: Backend started
Example:
Apr 17 16:58:05 keymanager audit(8668) INFO: AUDITED: 2012-04-17 16:58:05.474007 [system]: Backend started
Backend Stopped
ID: 101
Description: Backend stopped
Backend Error
ID: 102
Description: Backend error
Admin Login
ID: 200
Description: Admin logged in
Example:
Apr 17 16:56:41 keymanager audit(8634) INFO: AUDITED: 2012-04-17 16:56:41.748256 [admin]: Admin logged in
Admin Logout
ID: 201
Description: Admin logged out
Example:
Apr 19 18:22:23 keymanager audit(20001) INFO: AUDITED: 2012-04-19 18:22:23.667831 [admin]: Admin logged out
Admin Login Failure
ID: 202
Description: Admin login failed
Example:
Jul 2 15:01:01 keymanager <30>sshmgr[27129]/audit INFO: AUDIT: [system] Admin login failed: "No such user: doc"
Admin Account Permissions Added
ID: 203
Description: Admin account permissions added
Admin Account Permissions Removed
ID: 204
Description: Admin account permissions removed
Admin Role Permissions Added
ID: 205
Description: Admin role permissions added
Example:
Jun 28 11:21:17 keymanager sshmgr[19813]/audit INFO: AUDIT: [superuser] Admin role permissions added: Granted to role "Test role": [u'sshmgr.authorize_keys', u'sshmgr.delete_authorized_keys']
Admin Role Permissions Removed
ID: 206
Description: Admin role permissions removed
Admin Role Added
ID: 207
Description: Role(s) added to account
Example:
Jul 2 14:59:43 keymanager sshmgr[27127]/audit INFO: AUDIT: [superuser] Role(s) added to account: Added "romanh" to role(s) [u'supervisors']
Admin Role Removed
ID: 208
Description: Role(s) removed from account
Example:
Jun 28 11:25:52 keymanager sshmgr[19816]/audit INFO: AUDIT: [superuser] Role(s) removed from account: Removed "romanh" from role(s) [u'supervisors']
Account Created
ID: 209
Description: Admin account created
Example:
Jul 2 14:59:43 keymanager sshmgr[27127]/audit INFO: AUDIT: [superuser] Admin account created: Created account "romanh"
Account Deleted
ID: 210
Description: Admin account removed
Role Created
ID: 211
Description: Admin role created
Example:
Jun 28 11:21:17 keymanager sshmgr[19813]/audit INFO: AUDIT: [superuser] Admin role created: Created role "test role"
Role Deleted
ID: 212
Description: Admin role deleted
Account Enabled
ID: 213
Description: Admin account enabled
Account Disabled
ID: 214
Description: Admin account disabled
Account Field Changed
ID: 215
Description: Admin account modified
Account Password Changed
ID: 216
Description: Admin account password changed
Role Mapping Removed
ID: 217
Description: LDAP group unmapped from role
Role Mapping Added
ID: 218
Description: LDAP group mapped to role
Role Field Changed
ID: 219
Description: Admin role modified
Locked Account Login Attempt
ID: 220
Description: Attempt to login with a locked admin account
Object Permission Action
ID: 250
Description: Object Permission Action
Application Affiliation Change
ID: 260
Description: Object Application Affiliation Changed
Mgmt Server Tagging Changed
ID: 270
Description: Management Server Tagging Changed
Host Tagging Changed
ID: 271
Description: Host Tagging Changed
Host Backend Tagging Changed
ID: 272
Description: Host Backend Tagging Changed
User Tagging Changed
ID: 273
Description: User Tagging Changed
Application Tagging Changed
ID: 274
Description: Application Tagging Changed
Host Key Tagging Changed
ID: 275
Description: Host Key Tagging Changed
Private Key Tagging Changed
ID: 276
Description: Private Key Tagging Changed
Auth Key Tagging Changed
ID: 277
Description: Authorized Key Tagging Changed
Object Permission Users Changed
ID: 278
Description: Object Permission Users Changed
Object Permission Groups Changed
ID: 279
Description: Object Permission Groups Changed
Host Group Hosts Changed
ID: 280
Description: Host Group Hosts Changed
Rbac Object Action
ID: 297
Description: Role based access control object change
Role Change
ID: 298
Description: Role change
Permission Change
ID: 299
Description: Permission change
Host Deployment
ID: 300
Description: Host Deployment
Example:
Apr 11 17:56:18 keymanager audit(6381) INFO: AUDITED: 2012-04-11 17:56:18.058214 [system]: Host Deployment
Host Scan
ID: 400
Description: Host Scan
Example:
Apr 11 17:56:57 keymanager audit(6455) INFO: AUDITED: 2012-04-11 17:56:57.419492 [system]: Host Scan
Host Key Activity Scan
ID: 401
Description: Host Key Activity Scan
Generate Private Key
ID: 500
Description: Generate Private Key
Example:
Apr 4 20:26:06 keymanager audit(4341) INFO: AUDITED: 2012-04-04 20:26:06.236353 [system]: Generate Private Key
Add Authorized Key
ID: 501
Description: Add Authorized Key
Example:
Apr 4 20:26:18 keymanager audit(4365) INFO: AUDITED: 2012-04-04 20:26:18.014274 [system]: Add Authorized Key
Remove Authorized Key
ID: 502
Description: Remove Authorized Key
Example:
Jun 16 23:58:54 keymanager <30>sshmgr[7930]/audit INFO: AUDIT: [superuser] Remove Authorized Key: Modified [auth key:13] server246.yourdomain.com:/root/.ssh/authorized_keys [32:b3:2f:35:16:d0:e0:4a:c5:7e:50:87:30:47:9a:d4 (ssh-rsa 2048 bits)])
Add Authorizations
ID: 503
Description: Add Authorizations
Example:
Jun 16 23:38:02 keymanager <30>sshmgr[6131]/audit INFO: AUDIT: [superuser] Add Authorizations: server246.yourdomain.com -> server247.yourdomain.com (Reason: Test authorization, rsa:2048)', server246.yourdomain.com -> server248.yourdomain.com (Reason: Test authorization, rsa:2048)']
Remove Authorizations
ID: 504
Description: Remove Authorizations
Example:
Jun 16 23:58:47 keymanager <30>sshmgr[6133]/audit INFO: AUDIT: [superuser] Remove Authorizations: [u'* -> server246.yourdomain.com:/root/.ssh/authorized_keys [32:b3:2f:35:16:d0:e0:4a:c5:7e:50:87:30:47:9a:d4 (ssh-rsa 2048 bits)]', u'* -> server247.yourdomain.com:/root/.ssh/authorized_keys [96:da:ad:50:9d:cc:53:88:12:24:91:48:e2:53:47:01 (ssh-rsa 2048 bits)]', u'* -> server248.yourdomain.com:/root/.ssh/authorized_keys [a8:68:98:f6:59:76:ba:80:bf:e7:67:c5:74:2f:cd:c0 (ssh-rsa 2048 bits)]', u'* -> server249.yourdomain.com:/root/.ssh/authorized_keys [4e:05:3f:cf:38:4d:70:4c:ab:3a:20:2e:c7:b0:ac:47 (ssh-rsa 2048 bits)]', u'* -> server250.yourdomain.com:/root/.ssh/authorized_keys [1b:23:88:6c:91:2a:df:f7:c5:7d:76:2b:25:b3:95:ee (ssh-rsa 2048 bits)]', u'* -> server251.yourdomain.com:/root/.ssh/authorized_keys [39:38:2f:5a:9c:94:f9:67:5c:2d:f7:f3:42:c9:60:05 (ssh-rsa 2048 bits)]', u'* -> server252.yourdomain.com:/root/.ssh/authorized_keys [d1:ea:17:a5:e2:60:7a:02:da:dd:42:ef:fa:76:e3:69 (ssh-rsa 2048 bits)]', u'* -> server253.yourdomain.com:/root/.ssh/authorized_keys [78:b5:43:c0:38:de:ba:e2:94:30:d9:34:5d:a0:77:08 (ssh-rsa 2048 bits)]', u'* -> server254.yourdomain.com:/root/.ssh/authorized_keys [a2:e5:b6:30:bf:e6:2d:30:e0:8a:a0:ed:3a:7c:95:53 (ssh-rsa 2048 bits)]', u'* -> server255.yourdomain.com:/root/.ssh/authorized_keys [80:43:2c:ce:dc:2c:51:fd:be:ae:3b:a5:c3:87:b6:b2 (ssh-rsa 2048 bits)]', u'* -> server256.yourdomain.com:/root/.ssh/authorized_keys [95:43:38:ee:8a:5c:53:c4:57:29:2f:7c:81:6b:f4:aa (ssh-rsa 2048 bits)]']
Private Key Generation Failed
ID: 505
Description: Private Key generation failed
Remove Private Key
ID: 506
Description: Remove Private Key
Key Blacklisted
ID: 507
Description: Key blacklisted
Key Un Blacklisted
ID: 508
Description: Key unblacklisted
Create ICB
ID: 600
Description: Create ICB
Example:
Apr 21 04:04:27 keymanager audit(6707) INFO: AUDITED: 2012-04-21 04:04:27.328733 [system]: Create ICB
Host State Change
ID: 650
Description: Host state change
Host Deletion
ID: 660
Description: Host deleted
Conf Deployment
ID: 670
Description: Configuration deployed