How to generate webui NSO actions audit log

cnicasio
Level 1

As far as I know, all CLI operations are logged to audit.log. That includes service modification, and executing NSO actions.

However, if these operations are done using the webui, I can't find a way to audit log them.

There is an ncs.conf setting, audit-log-commit, that helps a bit for CDB modifications, but is of no help for the case of NSO actions.

Any suggestions?

 

1 Accepted Solution


perander
Cisco Employee

Is the ncs.conf setting /ncs-config/webui/audit enabled? It's disabled by default.


perander
Cisco Employee

From ncs.conf(5) man page

/ncs-config/logs/audit-log
audit-log is an audit log recording successful and failed logins to the
NCS backplane and also user operations performed from the CLI or
northbound interfaces. This log is enabled by default. In all other regards
it can be configured as /ncs-config/logs/ncs-log. This log is not rotated,
i.e. use logrotate(8).

What is it that is not logged in the audit log?

In particular, what action performed from the CLI is logged but the corresponding
action performed from the webui is not logged?

This is audit.log after doing a "re-deploy dry-run" from GUI:

<INFO> 18-Nov-2021::10:41:41.565 nsod-ap01 ncs[10752]: audit user: admin/0 logged in via webui from 172.28.44.143:58380 with http using local authentication
<INFO> 18-Nov-2021::10:41:41.566 nsod-ap01 ncs[10752]: audit user: admin/1667 assigned to groups: ncsadmin
<INFO> 18-Nov-2021::10:41:41.566 nsod-ap01 ncs[10752]: audit user: admin/1667 created new session via webui from 172.28.44.143:58380 with http
<INFO> 18-Nov-2021::10:42:06.587 nsod-ap01 ncs[10752]: audit user: admin/1667 NCS service-out-of-sync Service '/services/vrf:vrf_container/vrf{xyz}' Info ''

 

There is almost no info. For example, we don't know which action was run, nor its input parameters.

perander
Cisco Employee

Is the ncs.conf setting /ncs-config/webui/audit enabled? It's disabled by default.

Yes! That was the issue. Thanks a lot for your help!
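One way to check an ncs.conf for the gap discussed in this thread, as an added example that is not part of the original posts and is not Cisco's code. It applies the defaults stated above (audit-log enabled, /ncs-config/webui/audit disabled) when a leaf is absent. Assumptions: the `enabled` leaf under audit-log follows the ncs-log layout the man page excerpt refers to, and both sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Leaf path (relative to /ncs-config) -> default when the leaf is absent.
# Defaults are the ones stated in the thread; "enabled" is an assumed leaf name.
CHECKS = {"logs/audit-log/enabled": True, "webui/audit": False}

# Constructed samples: webui on, audit leaf missing vs. audit leaf set.
SAMPLE_DEFAULT = """<ncs-config xmlns="http://tail-f.com/yang/tailf-ncs-config">
  <logs><audit-log><enabled>true</enabled></audit-log></logs>
  <webui><enabled>true</enabled></webui>
</ncs-config>"""
SAMPLE_FIXED = SAMPLE_DEFAULT.replace(
    "<webui><enabled>true</enabled>",
    "<webui><enabled>true</enabled><audit>true</audit>")

def _strip_ns(root):
    """Drop XML namespaces so paths match whatever xmlns the file declares."""
    for el in root.iter():
        if isinstance(el.tag, str) and "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root

def effective_settings(conf_xml):
    """Return the effective boolean for each audit-related leaf in CHECKS."""
    root = _strip_ns(ET.fromstring(conf_xml))
    if root.tag != "ncs-config":
        raise ValueError("not an ncs.conf document: root is <%s>" % root.tag)
    result = {}
    for path, default in CHECKS.items():
        node = root.find(path)
        text = (node.text or "").strip() if node is not None else ""
        if not text:
            result[path] = default          # leaf absent: default applies
        elif text in ("true", "false"):
            result[path] = text == "true"
        else:
            raise ValueError("%s: expected true/false, got %r" % (path, text))
    return result

def webui_actions_audited(conf_xml):
    """True only if the audit log is on AND webui requests are written to it."""
    s = effective_settings(conf_xml)
    return s["logs/audit-log/enabled"] and s["webui/audit"]

if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_DEFAULT), ("fixed", SAMPLE_FIXED)):
        print(name, effective_settings(conf), webui_actions_audited(conf))
```

To check a real installation, pass the contents of its ncs.conf to `webui_actions_audited`; NSO must reload its configuration before a changed setting takes effect.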