Chef server activity logging/auditing


Hi all,

Hopefully someone else had the need we have and can provide some advice!

We’re running an instance of Chef server 10.12 with 100+ active users
modifying cookbooks, roles, environments, and bootstrapping new hosts. Each
user has a unique client key.

Occasionally we see a role, environment, or node/client object deleted,
either accidentally or on purpose. Upon going through the logs Chef
provides, we can’t identify who does what, since that information isn’t

(nginx example log entry)
chef-server-access.log.2.gz - - [15/Jul/2013:18:59:50 -0700] "DELETE /nodes/ HTTP/1.1" 200 218 "-" "Chef Knife/0.10.8 (ruby-1.8.7-p358; ohai-0.6.10; universal-darwin13.0; +" "-"
- - [15/Jul/2013:18:59:50 -0700] "DELETE /clients/ HTTP/1.1" 200 56 "-" "Chef Knife/0.10.8 (ruby-1.8.7-p358; ohai-0.6.10; universal-darwin13.0; +" "-"
- - [15/Jul/2013:23:12:56 -0700] "DELETE /roles/example-role HTTP/1.1" 200 917 "-" "Chef Knife/10.16.2 (ruby-1.9.3-p327; ohai-6.14.0; i386-mingw32; +" "-"

(unicorn example log entry)
~ Started request handling: Tue Jul 16 16:42:33 -0700 2013
~ Params: {"format"=>nil, "action"=>"destroy", "_method"=>"delete", "id"=>"", "controller"=>"nodes"}
~ Redirecting to: https://chef-test/nodes?_message=BAh7BjoLbm90avbSBkZWxldGVkIHN1Y2Nlc3uZ28tMi5kZXYtMS5jbG91 ZC5lZG11bmRzLmxGVkIHN1Y2vbSBkZWxldGVkIHN1Y2Nlc3Nlc3NmdWxseQ%3D%3D (301)
~ {:dispatch_time=>0.571713, :before_filters_time=>0.270627, :action_time=>0.570461, :after_filters_time=>1.1e-05}

Is there a way for us to get any kind of changes posted to Chef server
audited, so we can determine who’s doing what? Thanks in advance!

Best regards, Dmitriy V.
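
An added example, not part of the original post and not Chef's own code: a Ruby sketch that pulls write and delete requests on Chef objects out of an nginx access log and reports who issued them. It assumes nginx has been given a custom log_format whose last quoted field is "$http_x_ops_userid" (the X-Ops-UserId header that knife and chef-client send with every signed request); the sample lines, names and addresses are constructed.

```ruby
# Assumption: access-log lines are in nginx "combined" layout, optionally
# followed by one extra quoted field holding the X-Ops-UserId request header.
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ "[^"]*" "(?<agent>[^"]*)"(?: "(?<user>[^"]*)")?\s*\z/

# Chef object types whose changes we want an audit trail for.
AUDITED = %w[nodes clients roles environments cookbooks data].freeze
WRITES  = %w[PUT POST DELETE].freeze

# Returns one hash per modifying request on an audited object type.
def audit_events(lines)
  lines.each_with_object([]) do |line, events|
    m = LINE_RE.match(line.strip)
    next unless m && WRITES.include?(m[:method])

    # Drop any query string, then split "/roles/example-role" into type and name.
    type, name = m[:path][/\A[^?]*/].split('/').reject(&:empty?)
    next unless AUDITED.include?(type)

    user = m[:user]
    user = 'UNKNOWN' if user.nil? || user.empty? || user == '-'
    events << { time: m[:time], ip: m[:ip], method: m[:method], type: type,
                name: name, status: m[:status].to_i, user: user, agent: m[:agent] }
  end
end

# Constructed sample input: the third line lacks the extra header field,
# which is the situation described in the post.
SAMPLE = <<~LOG
  10.0.0.5 - - [15/Jul/2013:18:59:50 -0700] "DELETE /nodes/web01 HTTP/1.1" 200 218 "-" "Chef Knife/0.10.8" "alice"
  10.0.0.5 - - [15/Jul/2013:18:59:51 -0700] "GET /roles HTTP/1.1" 200 917 "-" "Chef Knife/0.10.8" "alice"
  10.0.0.9 - - [15/Jul/2013:23:12:56 -0700] "DELETE /roles/example-role HTTP/1.1" 200 917 "-" "Chef Knife/10.16.2"
LOG

if __FILE__ == $PROGRAM_NAME
  audit_events(SAMPLE.lines).each do |e|
    puts format('%-28s %-8s %-6s %s/%s (%d) via %s',
                e[:time], e[:user], e[:method], e[:type], e[:name], e[:status], e[:agent])
  end
end
```

Only entries with a 2xx status should be treated as attributed changes: the header is supplied by the client, and it is the Chef server's signature check, not nginx, that ties it to a key.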