Chef server activity logging/auditing


#1

Hi all,

Hopefully someone else had the need we have and can provide some advice!

We’re running an instance of Chef server 10.12 with 100+ active users
modifying cookbooks, roles, environments, and bootstrapping new hosts. Each
user has a unique client key.

Occasionally we see a role, environment, or node/client object deleted,
either accidentally or on purpose. Upon going through the logs Chef
provides, we can’t identify who does what, since that information isn’t
logged:

(nginx example log entry)
chef-server-access.log.2.gz
10.32.35.67 - - [15/Jul/2013:18:59:50 -0700] “DELETE /nodes/
h2o-1.propensity.example.com HTTP/1.1” 200 218 “-” “Chef Knife/0.10.8
(ruby-1.8.7-p358; ohai-0.6.10; universal-darwin13.0; +http://opscode.com)”
"-“
10.32.35.67 - - [15/Jul/2013:18:59:50 -0700] “DELETE /clients/
h2o-1.propensity.example.com HTTP/1.1” 200 56 “-” “Chef Knife/0.10.8
(ruby-1.8.7-p358; ohai-0.6.10; universal-darwin13.0; +http://opscode.com)”
”-"
10.32.78.188 - - [15/Jul/2013:23:12:56 -0700] “DELETE /roles/example-role
HTTP/1.1” 200 917 “-” “Chef Knife/10.16.2 (ruby-1.9.3-p327; ohai-6.14.0;
i386-mingw32; +http://opscode.com)” “-”

(unicorn example log entry)
unicorn-webui.stdout.log.1.gz
~ Started request handling: Tue Jul 16 16:42:33 -0700 2013
~ Params: {“format”=>nil, “action”=>“destroy”, “_method”=>“delete”, “id”=>“
mongo-2.example.com”, “controller”=>“nodes”}
~ Redirecting to:
https://chef-test/nodes?_message=BAh7BjoLbm90avbSBkZWxldGVkIHN1Y2Nlc3uZ28tMi5kZXYtMS5jbG91 ZC5lZG11bmRzLmxGVkIHN1Y2vbSBkZWxldGVkIHN1Y2Nlc3Nlc3NmdWxseQ%3D%3D (301)
~ {:dispatch_time=>0.571713, :before_filters_time=>0.270627,
:action_time=>0.570461, :after_filters_time=>1.1e-05}

Is there a way for us to get any kind of changes posted to Chef server
audited, so we can determine who’s doing what? Thanks in advance!


Best regards, Dmitriy V.