Traceability of changes via GUI

Unanswered Question
Dec 8th, 2011

Hi all


I have the requirement that ALL configuration changes (CLI and GUI) are traceable (=logs sent to our central syslog server).


For CLI changes, I just had to create a new cli-logs-subscription and forward the logs to the syslog server. Now every command is perfectly logged.


But for GUI changes, I haven't managed to achieve full traceability of changes. If I use an "HTTP log subscription", I can only see HTTP requests, but NOT which values and parameters have been changed.


Any possibility to make GUI changes completely traceable?


Thanks & regards!

Chris

Enrico Werner Thu, 12/08/2011 - 08:02

Hi Chris,


I agree that it is not very pleasant to search in the GUI log file, but it is the right file if you want to trace back configuration changes made on the GUI.


AsyncOS 7.5 includes a configuration history log that consists of a configuration file with an additional section listing the name of the user, a description of where in the configuration the user made changes, and the comment the user entered when committing the change. Each time a user commits a change, a new log is created containing the configuration file after the change.


Version 7.5 should be released in the next few days/weeks.


Best regards,

Enrico

christoph.boesch Thu, 12/08/2011 - 23:15

Hi Enrico


Thanks for your answer!


The GUI log only displays which pages have been requested, but not which values have been changed. So IMHO it's not possible to trace back configuration changes with this log.


I'm already using 7.5 and configuration history log, but unfortunately it's not possible to export this information via syslog.


Any other possibilities?


Regards

Chris

Enrico Werner Fri, 12/09/2011 - 01:36

Hi Chris,


below is an example from the GUI log which shows a commit for a content filter creation:


Fri Dec  9 10:13:02 2011 Info: req:144.254.42.170 user:admin id:qIjQj3CkVncB88I2QaG7 200 GET /commit?referrer=https://10.31.110.70/mail_policies/email_security_manager/incoming_content_filters HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1


So the trick is to grep for "GET /commit".


The configuration log is dumping the entire configuration to the disk, which may be as much as several megabytes in size. For this particular file you could SCP push to some external server instead of using syslog.


Best regards,

Enrico
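
The grep for "GET /commit" suggested in the reply above, taken one step further as an added example (not part of the original thread and not vendor code): it parses GUI log lines and reports who committed, from which address, and from which GUI page. The regular expression is inferred from the single log line quoted in the thread, and the second and third sample lines, including their paths and addresses, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Layout inferred from the one GUI log line quoted in the thread (an assumption,
# not a documented format): timestamp, level, req:<ip>, user:<name>,
# id:<session>, HTTP status, method, request target.
GUI_LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \w+: "
    r"req:(?P<src>\S+) user:(?P<user>\S+) id:(?P<session>\S+) "
    r"(?P<status>\d{3}) (?P<method>[A-Z]+) (?P<target>\S+)"
)

def commit_events(lines):
    """Yield one dict per request to /commit found in GUI log lines."""
    for line in lines:
        m = GUI_LINE.match(line)
        if not m:
            continue  # not a request line in the assumed layout
        target = urlsplit(m["target"])
        if target.path != "/commit":
            continue  # ordinary page request, not a commit
        referrer = parse_qs(target.query).get("referrer", [""])[0]
        yield {
            "time": m["ts"], "source": m["src"], "user": m["user"],
            "session": m["session"], "status": int(m["status"]),
            # Page the commit was issued from; the log line carries no
            # changed values, only this location.
            "page": urlsplit(referrer).path,
        }

def summary(ev):
    """One-line record suitable for forwarding to a central log collector."""
    return (f"gui-commit user={ev['user']} src={ev['source']} "
            f"page={ev['page']} status={ev['status']} time=\"{ev['time']}\"")

SAMPLE = [
    # Line quoted in the thread:
    "Fri Dec  9 10:13:02 2011 Info: req:144.254.42.170 user:admin id:qIjQj3CkVncB88I2QaG7 200 GET /commit?referrer=https://10.31.110.70/mail_policies/email_security_manager/incoming_content_filters HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0.1) Gecko/20100101 Firefox/8.0.1",
    # Constructed lines (hypothetical user, paths and documentation addresses):
    "Fri Dec  9 10:14:40 2011 Info: req:192.0.2.10 user:operator1 id:CONSTRUCTEDSESSION01 200 GET /monitor/reports HTTP/1.1 ExampleAgent/1.0",
    "Sat Dec 10 08:01:15 2011 Info: req:192.0.2.10 user:operator1 id:CONSTRUCTEDSESSION01 200 GET /commit?referrer=https://198.51.100.5/network/ip_interfaces HTTP/1.1 ExampleAgent/1.0",
]

if __name__ == "__main__":
    for event in commit_events(SAMPLE):
        print(summary(event))
```

The output identifies the committing user, source address and GUI page only; the values that changed still have to come from the configuration history log.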
