Netconf audit log

It seems that only CLI history commands can be recorded in ConfD auditLog.

/confdConfig/cli/auditLogMode and /confdConfig/logs/auditLogCommit can be used to control auditLog content, but there are no Netconf audit control options.

I assume NetconfTraceLog is used as Netconf audit log from ConfD perspective?

Could you share ConfD’s view on Netconf audit? Thanks.

auditLog is an audit log recording successful and failed logins to the ConfD backplane. All northbound interface logins to ConfD are logged in the audit log.

The audit log can also record all the CLIs that a user executed on the ConfD CLI, as the /confdConfig/cli/auditLogMode default value is ‘all’, while the netconf messages that were issued from a netconf client are not recorded in auditLog. So I wonder if ConfD only takes the audit log as a record of login/logout and CLI history? What’s ConfD’s view on the Netconf audit?

Hi,
If you want to add, for example, NETCONF log entries to the audit log too, you can register for receiving CONFD_NOTIF_NETCONF notifications and put them into a merged audit log.
See the confd_lib_events(3) man page and ConfD 6.3 UG Chapter 12, Notifications.
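
A sketch of the approach in the reply above, as an added example that is not part of the original thread or ConfD's own code: subscribe to CONFD_NOTIF_NETCONF and append each message to a merged log, escaping control characters so message text cannot forge extra audit records. The helper `format_netconf_audit`, the line layout, the `HAVE_CONFD` build flag, the `merged-audit.log` path and the local ConfD address are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format one NETCONF log message as a single audit line.
 * Control bytes, quotes and backslashes are escaped so message text cannot
 * forge extra records in the merged log. Returns the bytes written. */
size_t format_netconf_audit(char *out, size_t cap, int logno, const char *msg)
{
    if (cap == 0) return 0;
    int n = snprintf(out, cap, "<NETCONF> logno=%d msg=\"", logno);
    size_t o = n < 0 ? 0 : ((size_t)n >= cap ? cap - 1 : (size_t)n);
    for (const unsigned char *p = (const unsigned char *)msg; *p; p++) {
        if (o + 7 > cap) break;   /* keep room for \xNN plus quote, LF, NUL */
        if (*p < 0x20 || *p == 0x7f || *p == '"' || *p == '\\')
            o += (size_t)snprintf(out + o, cap - o, "\\x%02x", (unsigned)*p);
        else
            out[o++] = (char)*p;
    }
    if (o + 3 <= cap) { out[o++] = '"'; out[o++] = '\n'; }
    out[o] = '\0';
    return o;
}

#ifdef HAVE_CONFD   /* assumed build flag: set when building against libconfd */
#include <arpa/inet.h>
#include <confd_lib.h>
#include <confd_events.h>

int main(void)
{
    struct sockaddr_in addr = { .sin_family = AF_INET,
                                .sin_port = htons(CONFD_PORT) };
    addr.sin_addr.s_addr = inet_addr("127.0.0.1");  /* assumed local ConfD */
    int sock = socket(PF_INET, SOCK_STREAM, 0);
    FILE *log = fopen("merged-audit.log", "a");     /* assumed path */
    confd_init("netconf-audit", stderr, CONFD_SILENT);
    if (sock < 0 || !log || confd_notifications_connect(sock,
            (struct sockaddr *)&addr, sizeof addr, CONFD_NOTIF_NETCONF) != CONFD_OK)
        return 1;
    struct confd_notification n;
    while (confd_read_notification(sock, &n) == CONFD_OK) {
        if (n.type != CONFD_NOTIF_NETCONF) continue;
        char line[1024];
        format_netconf_audit(line, sizeof line, n.n.syslog.logno, n.n.syslog.msg);
        fputs(line, log);   /* timestamps are left to the log sink */
        fflush(log);
    }
    return 0;
}
#endif
```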