Configuring the Audit Logs

Settings in the $ZENHOME/etc/audit_log.conf configuration file determine where audit log output is written and what it contains.

The audit_log.conf and audit_log.conf.example files are created at installation if they do not already exist.

An entry in the audit log indicates that a user attempted an action, but does not always indicate whether that action was successful. For example, a log entry stating that a user added a device simply indicates that the user created a job to add the device; however, the job could still fail when it runs at a later time.

As shown in the following sample, the configuration file contains examples and instructions for each of the output methods.

## Audit Log configuration file
##
## Initially this outputs up to 10 megs to ZENHOME/log/audit.log with 3 backups.
## 
## To output to the syslog or somewhere else: 
## - Uncomment the desired handlers and formatters, or create your own. 
## - Update the "keys" lists under [handlers] and [formatters]. 
## - Update the "handlers" list under [logger_audit]. 
## - Restart Zope with "zenwebserver restart". 
## 
## To change the log severity level: 
## - Update "level" under [logger_audit] 
## 
## This file has all the features of the Python logging file format: 
## http://docs.python.org/library/logging.config.html#configuration-file-format 

[loggers] 
## DO NOT CHANGE 
keys=audit 

## 
## 
## List all output handlers here. (part 1 of 3) 
## This should match part 3 below. 
## 
## Example: keys=syslog,file,rotatingfile,timedrotatingfile,console 
## 
## 
[handlers] 
keys=rotatingfile 

## 
## 
## List all string formatters here. (part 2 of 3) 
## 
## Example: keys=syslog,file,console 
## 
## 

[formatters] 
keys=file 

[logger_audit] 
## DO NOT CHANGE 
qualname=zen.audit 
propagate=0 

## 
## 
## This is the severity level of all audit messages. 
## (DEBUG, INFO, WARNING, ERROR, CRITICAL) 
## 
## You can override the level of individual handlers below, 
## or keep them as NOTSET to use this default level. 
## 
## 
level=INFO 

## 
## 
## List all output handlers here. (part 3 of 3) 
## This should match part 1 above, except "handlers=" not "keys=". 
## 
## Example: handlers=syslog,file,rotatingfile,timedrotatingfile,console 
## 
## 
handlers=rotatingfile


########################## Output Handlers

## SysLog 
## 
## See http://docs.python.org/library/logging.handlers.html#sysloghandler 
## 
## Here are typical configurations: 
## 
## Linux: args=('/dev/log', handlers.SysLogHandler.LOG_USER) 
## OS/X : args=('/var/run/syslog', handlers.SysLogHandler.LOG_USER) 
## UDP : args=(('localhost', handlers.SYSLOG_UDP_PORT), 
##                                 handlers.SysLogHandler.LOG_USER) 
## 
## 
##[handler_syslog] 
##class=handlers.SysLogHandler 
##level=NOTSET 
##formatter=syslog 
##args=() 

## File 
## 
## See http://docs.python.org/library/logging.handlers.html#filehandler 
## 
## To store in ZENHOME/log: class=Products.ZenUtils.configlog.ZenFileHandler 
## To store elsewhere: class=FileHandler 
## 
## Format and example: 
## args=(filename, mode, encoding, delay) 
## args=('audit.log', 'a', None, True) 
## 
## 
##[handler_file] 
##class=Products.ZenUtils.configlog.ZenFileHandler 
##level=NOTSET 
##formatter=file 
##args=('audit.log', 'a', None, True) 


## RotatingFile 
## 
## See http://docs.python.org/library/logging.handlers.html#rotatingfilehandler 
## 
## To store in ZENHOME/log: class=Products.ZenUtils.configlog.ZenRotatingFileHandler 
## To store elsewhere: class=handlers.RotatingFileHandler 
## 
## Format: 
## args=(filename, mode, maxBytes, backupCount, encoding, delay) 
## 
## Example of one 10-meg file in ZENHOME/log/ 
## args=('audit.log', 'a', 10000000, 0, None, True) 
## 
## Example of ten 1-meg files in ZENHOME/log/audit/. The path must already exist. 
## args=('audit/audit.log', 'a', 1000000, 10, None, True) 
## 
## 
[handler_rotatingfile] 
class=Products.ZenUtils.configlog.ZenRotatingFileHandler 
level=NOTSET 
formatter=file 
args=('audit.log', 'a', 10485760, 3, None, True) 


## TimedRotatingFile 
## 
## See http://docs.python.org/library/logging.handlers.html#timedrotatingfilehandler 
## 
## To store in ZENHOME/log: class=Products.ZenUtils.configlog.ZenTimedRotatingFileHandler 
## To store elsewhere: class=handlers.TimedRotatingFileHandler 
## 
## Format and example: 
## args=(filename, when, interval, backupCount, encoding, delay, utc) 
## 
## Example of weekly log files for the past year in ZENHOME/log/audit/ 
## args=('audit/weekly.log', 'midnight', 7, 52, None, True, False) 
## 
## 
##[handler_timedrotatingfile]
##class=Products.ZenUtils.configlog.ZenTimedRotatingFileHandler 
##level=NOTSET 
##formatter=file 
##args=('audit/weekly.log', 'midnight', 7, 52, None, True, False) 


## Console 
## 
## See http://docs.python.org/library/logging.handlers.html#streamhandler 
## 
## 
##[handler_console] 
##class=StreamHandler 
##level=NOTSET 
##formatter=console 
##args=(sys.stdout,) 


########################## String Formatters 
## 
## These must be uncommented if used by a handler above. 
## 
## See the very bottom of http://docs.python.org/library/logging.config.html 
## 
##
 
##[formatter_syslog] 
##format=zenoss[%(process)d]: %(message)s 


[formatter_file] 
format=%(asctime)s %(message)s 
datefmt=%Y-%m-%d %H:%M:%S 


##[formatter_console] 
##format=Audit: %(asctime)s %(message)s 
##datefmt=%H:%M:%S

After editing the audit_log.conf file, restart Zope with the command:

zenwebserver restart
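
The file's comments require three lists to agree (the "keys" lists under [handlers] and [formatters] and the "handlers" list under [logger_audit]), and a half-finished edit can leave audit output going nowhere. The following is an added example, not part of the Zenoss product or its documentation, that checks those lists before the restart; the function name check_audit_conf and the sample configuration text are constructed for illustration.

```python
import configparser

def check_audit_conf(text):
    """Return a list of consistency problems found in audit_log.conf text."""
    cp = configparser.RawConfigParser()  # raw: leave %(asctime)s uninterpolated
    cp.read_string(text)
    def names(sec, opt):
        return [n.strip() for n in cp.get(sec, opt).split(",") if n.strip()]
    handlers = names("handlers", "keys")          # part 1 of 3
    formatters = names("formatters", "keys")      # part 2 of 3
    attached = names("logger_audit", "handlers")  # part 3 of 3
    problems = []
    if sorted(handlers) != sorted(attached):
        problems.append("[handlers] keys=%s but [logger_audit] handlers=%s" % (handlers, attached))
    for h in handlers:
        if not cp.has_section("handler_" + h):
            problems.append("no [handler_%s] section (still commented out?)" % h)
            continue
        fmt = cp.get("handler_" + h, "formatter", fallback="")
        if fmt and fmt not in formatters:
            problems.append("formatter '%s' missing from [formatters] keys" % fmt)
        if fmt and not cp.has_section("formatter_" + fmt):
            problems.append("no [formatter_%s] section (still commented out?)" % fmt)
    return problems

# Constructed sample: the syslog handler was uncommented, but only part 1 was updated.
BROKEN = """
[handlers]
keys=rotatingfile,syslog
[formatters]
keys=file
[logger_audit]
handlers=rotatingfile
[handler_rotatingfile]
formatter=file
[handler_syslog]
class=handlers.SysLogHandler
formatter=syslog
[formatter_file]
format=%(asctime)s %(message)s
"""
# The same file after finishing parts 2 and 3 and uncommenting the syslog formatter.
FIXED = (BROKEN.replace("keys=file", "keys=file,syslog")
               .replace("handlers=rotatingfile", "handlers=rotatingfile,syslog")
         + "[formatter_syslog]\nformat=zenoss[%(process)d]: %(message)s\n")

if __name__ == "__main__":
    print("\n".join(check_audit_conf(BROKEN)))
    print(check_audit_conf(FIXED))
```

To check a real file, pass the contents of $ZENHOME/etc/audit_log.conf to check_audit_conf; the "##" comment lines are ignored by the parser.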