Re: Logging user actions

[Deepak Kodihalli <dkodihal@linux.vnet.ibm.com>]

On 28/05/18 5:30 pm, Alexander Amelkin wrote:
> Hi all!
> 
> Customers ask us for extensive user action logging. That is, they want
> to log everything that a user may change in the system. They want to
> know who, how (via which interface) and when changed what. That includes
> but is not limited to network configuration, host power on/off, reboots,
> power restoration policy changing, firmware updates, user
> addition/deletion and password changing, et al.
> 
> We could listen for dbus signals and log most of that, but that way we
> wouldn't know whether a user made a change or that was some internal
> work. Additionally, that would yield an enormous amount of data logged
> if we just log every property change. We could limit logging to a
> predefined subset of properties, but when later the community adds a new
> crucial property, we could miss it in our logs.
> 
> We could log requests at each user interface (thankfully, we don't allow
> shell access for users), but that would mean having copies of the same
> logic in different subsystems, which is error prone, plus those copies
> will definitely diverge with time.
> 
> Does anyone have any idea on how to best implement such a requirement?


phosphor-dbus-monitor has event monitoring support. You can specify via 
build-time config (YAML files) what D-Bus interfaces/properties you're 
interested in, and a corresponding "event" D-Bus object is created under 
the /events/<event_category>/ namespace. This was implemented via
https://github.com/openbmc/openbmc/issues/2254.

This doesn't address all of the concerns you've mentioned above in terms 
of the amount of data that can be logged. It helps specify the 
properties of interest though, and the event D-Bus objects are persisted 
upto a certain limit.

> Alexander Amelkin
> YADRO
> 
> 

Regards,
Deepak