3 title: SimpleRPC Auditing
6 [SimpleRPCIntroduction]: index.html
7 [AuditCentralRPCLog]: http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/AuditCentralRPC
11 As part of the [SimpleRPC][SimpleRPCIntroduction] framework we've added an auditing system that you can use to log all requests received into a file or even send it over mcollective to a central auditing system. What actually happens with audit data is pluggable and you can provide your own plugins to do what you need.
13 The clients will include the _uid_ of the process running the client library in the requests and the audit function will have access to that on the requests.
16 To enable logging you should set an option to enable it and also one to configure which plugin to use:
20 rpcauditprovider = Logfile
23 This sets it up to use _MCollective::Audit::Logfile_ plugin for logging evens.
25 The client will embed a caller id - the Unix UID of the program running it or SSL cert - in requests which you can find in the _request_ object.
29 Auditing is implemented using plugins that you should install in the normal plugin directory under _mcollective/audit/_. We have a sample Logfile plugin that you can see below:
37 def audit_request(request, connection)
38 logfile = Config.instance.pluginconf["rpcaudit.logfile"] || "/var/log/mcollective-audit.log"
41 now_tz = tz = now.utc? ? "Z" : now.strftime("%z")
42 now_iso8601 = "%s.%06d%s" % [now.strftime("%Y-%m-%dT%H:%M:%S"), now.tv_usec, now_tz]
44 File.open(logfile, "w") do |f|
45 f.puts("#{now_iso8601}: reqid=#{request.uniqid}: reqtime=#{request.time} caller=#{request.caller}@#{request.sender} agent=#{request.agent} action=#{request.action} data=#{request.data.pretty_print_inspect}")
53 As you can see you only need to provide one method called _audit_request_, you will get the request in the form of an _MCollective::RPC::Request_ object as well as the connection to the middleware should you wish to send logs to a central host.
55 The Logfile plugin takes a configuration option:
58 plugin.rpcaudit.logfile = /var/log/mcollective-audit.log
61 We do not do log rotation of this file so you should do that yourself if you enable this plugin.
66 2010-12-28T17:09:03.889113+0000: reqid=319719cc475f57fda3f734136a31e19b: reqtime=1293556143 caller=cert=nagios@monitor1 agent=nrpe action=runcommand data={:process_results=>true, :command=>"check_mailq"}
69 Other plugins can be found on the community site like [a centralized logging plugin][AuditCentralRPCLog].