Remediate audit log

Sections

The Remediate audit logs key events in the system in a central location.

The audit log records the following events:

  • Failed login attempts
  • Successful login attempts
  • Creation of a new user
  • Removal of a user
  • Addition of a data source
  • Addition of credentials
  • Removal of a data source or credential
  • Discovery Events - this includes discovery events from VR sources.
  • Running of a Task
  • Upload of a custom task
  • Removal of a custom task

Accessing the audit log

The audit log can be accessed by running the mayday command (see Configuring Remediate for more details). Alternatively, you can copy the log files to the Docker host by using the following command:

docker cp `docker ps -f name=remediate_audit --format "{{.ID}}"`:/app/log_vol/. ./

Log file format and samples

The log file uses the following format:

{"msg":"<Message","source":"<Service Name>","timestamp":"<Timestamp","type":"<Event Type","user":"<username>"}

For example:

{"msg":"SSH credential (e405e192-d73d-4a74-8e98-635208155cc6) added","source":"controller","timestamp":"2020-05-01 10:36:49.7111308 +0000 UTC m=+759.485022701","type":"CREDENTIALS_ADDED","user":"admin"}
How helpful was this page?

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.