Tommy Murphy
ca06bc0b53
audit: support a configurable prefix string to write before each message ( #2359 )
...
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
Brian Kassouf
128de55742
Added a warning about the dropped socket connection edge case
2017-02-07 11:06:36 -08:00
Brian Kassouf
a566097657
Add info about UNIX sockets
2017-02-06 15:56:58 -08:00
Brian Kassouf
af1847f2b4
Update the docs and move the logic for reconnecting into its own function
2017-02-04 16:55:17 -08:00
Harrison Harnisch
b09077c2d8
add socket audit backend
2017-02-02 14:21:48 -08:00
vishalnayak
4da3cf3479
Fix file_path argument in audit's index.html
2017-01-18 21:43:29 -05:00
Raja Nadar
d3f71e7232
doc: syslog change data type from bool to string ( #1998 )
2016-10-26 16:18:31 -04:00
Raja Nadar
9bba65e614
doc: change data type from boolean to string ( #1997 )
...
the api doesn't accept the boolean value. it needs a string containing a boolean value.
2016-10-26 11:29:42 -04:00
Laura Bennett
9fc5a37e84
address feedback
2016-10-09 22:23:30 -04:00
Laura Bennett
1b8d12fe82
changes for 'mode'
2016-10-08 19:52:49 -04:00
Laura Bennett
39e7732473
website documentation update
2016-10-07 15:48:29 -04:00
Jeff Mitchell
606d717ad9
Update changelog and website for GH-1958
2016-09-30 15:08:38 -04:00
Jeff Mitchell
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Laura Bennett
483e796177
website update for request uuuid
2016-07-24 21:23:12 -04:00
Gérard de Vos
eadf2faf83
Update index.html.md
...
According to the source it is expecting a description. log_raw is one of the options.
2016-03-31 14:19:03 +02:00
Gérard de Vos
13763203b6
Update index.html.md
...
description -> log_raw
2016-03-31 14:06:19 +02:00
vishalnayak
7a34cea28d
Fix audit docs
2016-03-30 00:54:40 -04:00
vishalnayak
71fc07833f
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
Jeff Mitchell
9bfd24cd69
s/hash_accessor/hmac_accessor/g
2016-03-14 14:52:29 -04:00
vishalnayak
0602bb25f1
Remove redundant variables
2016-03-11 21:36:38 -05:00
vishalnayak
3e9bffd84f
Doc update for syslog and file backends
2016-03-11 21:14:39 -05:00
Jeff Mitchell
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
45e7e61d71
Update audit documentation around what hash is used
2015-11-18 10:42:42 -05:00
Emil Hessman
3d5f3d1d70
website: address minor doc typos
2015-04-28 20:32:04 +02:00
Armon Dadgar
848433a355
audit/file: add log_raw parameter and default to hashing
2015-04-27 15:56:41 -07:00
Armon Dadgar
1403fb987b
website: Adding the syslog audit backend
2015-04-27 15:56:41 -07:00
Mitchell Hashimoto
dd3a6bf37f
website: clarify that secrets are no longer stored in audit logs
2015-04-21 16:23:16 +01:00
Mitchell Hashimoto
146c1fd37f
website: audit backends
2015-04-19 22:59:39 -07:00