Commit graph

28 commits

Author SHA1 Message Date
Tommy Murphy ca06bc0b53 audit: support a configurable prefix string to write before each message (#2359)
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
Brian Kassouf 128de55742 Added a warning about the dropped socket connection edge case 2017-02-07 11:06:36 -08:00
Brian Kassouf a566097657 Add info about UNIX sockets 2017-02-06 15:56:58 -08:00
Brian Kassouf af1847f2b4 Update the docs and move the logic for reconnecting into its own function 2017-02-04 16:55:17 -08:00
Harrison Harnisch b09077c2d8 add socket audit backend 2017-02-02 14:21:48 -08:00
vishalnayak 4da3cf3479 Fix file_path argument in audit's index.html 2017-01-18 21:43:29 -05:00
Raja Nadar d3f71e7232 doc: syslog change data type from bool to string (#1998) 2016-10-26 16:18:31 -04:00
Raja Nadar 9bba65e614 doc: change data type from boolean to string (#1997)
the api doesn't accept the boolean value. it needs a string containing a boolean value.
2016-10-26 11:29:42 -04:00
Laura Bennett 9fc5a37e84 address feedback 2016-10-09 22:23:30 -04:00
Laura Bennett 1b8d12fe82 changes for 'mode' 2016-10-08 19:52:49 -04:00
Laura Bennett 39e7732473 website documentation update 2016-10-07 15:48:29 -04:00
Jeff Mitchell 606d717ad9 Update changelog and website for GH-1958 2016-09-30 15:08:38 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Laura Bennett 483e796177 website update for request uuuid 2016-07-24 21:23:12 -04:00
Gérard de Vos eadf2faf83 Update index.html.md
According to the source it is expecting a description. log_raw is one of the options.
2016-03-31 14:19:03 +02:00
Gérard de Vos 13763203b6 Update index.html.md
description -> log_raw
2016-03-31 14:06:19 +02:00
vishalnayak 7a34cea28d Fix audit docs 2016-03-30 00:54:40 -04:00
vishalnayak 71fc07833f Rename id to path and path to file_path, print audit backend paths 2016-03-14 17:15:07 -04:00
Jeff Mitchell 9bfd24cd69 s/hash_accessor/hmac_accessor/g 2016-03-14 14:52:29 -04:00
vishalnayak 0602bb25f1 Remove redundant variables 2016-03-11 21:36:38 -05:00
vishalnayak 3e9bffd84f Doc update for syslog and file backends 2016-03-11 21:14:39 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell 45e7e61d71 Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
Emil Hessman 3d5f3d1d70 website: address minor doc typos 2015-04-28 20:32:04 +02:00
Armon Dadgar 848433a355 audit/file: add log_raw parameter and default to hashing 2015-04-27 15:56:41 -07:00
Armon Dadgar 1403fb987b website: Adding the syslog audit backend 2015-04-27 15:56:41 -07:00
Mitchell Hashimoto dd3a6bf37f website: clarify that secrets are no longer stored in audit logs 2015-04-21 16:23:16 +01:00
Mitchell Hashimoto 146c1fd37f website: audit backends 2015-04-19 22:59:39 -07:00