I have enabled audit for login/logout/CLI commands executed by enabling /confdConfig/logs/auditLog. I have also subscribed to audit notifications (NOTIF_AUDIT) in a script to read these notifications.
I don’t see notifications for operations executed via NETCONF (both configuration changes as well as operational commands like actions/RPCs are missing).
I also don’t see any log symbols (in confd_logsyms.h) for audit events created via NETCONF.
How can I enable audit notifications for operations done via NETCONF?
I tried subscribing to NOTIF_NETCONF to check if this satisfies my need, but it seems to be too high-level when compared to NOTIF_AUDIT and doesn’t, e.g., give the exact configuration change involved.
I am not able to see this issue in my setup (using ConfD 7.7 and the example that comes with ConfD, under $CONFD_DIR/examples.confd/misc/notifications).
Maybe the handling of the NETCONF-related ConfD notifications is missing in your code. See:
    case CONFD_NOTIF_DAEMON:
    case CONFD_NOTIF_NETCONF:
    case CONFD_NOTIF_DEVEL:
    case CONFD_NOTIF_JSONRPC:
    case CONFD_NOTIF_WEBUI:
        printf("syslog: sym=%d/%s prio=%d msg=%s\n",
               n.n.syslog.logno,
               confd_log_symbols[n.n.syslog.logno],
               n.n.syslog.prio,
               n.n.syslog.msg);
        break;
Please use the example confd_notifications to reproduce the issue in your setup.
@nabil
I had included “CONFD_NOTIF_NETCONF” flag as well, but I seem to have missed looking at some notifications the last time and now that I check again, I see the notifications for NETCONF operations as well. Thanks!
I still don’t see the actual configuration changes done as part of a commit in the notifications when subscribed to CONFD_NOTIF_NETCONF. However, I have been able to get this information from another place, i.e. the audit notifications (CONFD_NOTIF_AUDIT), by enabling the “/confdConfig/logs/auditLogCommit” setting.
In one place I would like to see some more information, please let me know if there is any way I can achieve this:
When I execute an action via NETCONF, I don’t see the input parameters for the action.
E.g., this is the YANG model for the action:
    action create {
      tailf:info "Backup single configuration";
      tailf:exec "/usr/libexec/confd/backup-single-config";
      description
        "Takes a single backup of the configuration and stores it,
         locally and/or on a configured remote host.";
      input {
        leaf local {
          type empty;
        }
        leaf remote {
          type leafref {
            path "../../../../system/remotehosts/server/name";
          }
        }
      }
      output {
        leaf backup-filename {
          type string;
        }
      }
    }
I don’t see the local or remote input parameters passed for the action in the content of the notification. Is there any way I can get this information as well? Thanks in advance!
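
The two confd.conf settings named in this thread, /confdConfig/logs/auditLog and /confdConfig/logs/auditLogCommit, shown together as an added example that is not taken from any poster's configuration. The log file name is a constructed placeholder.

```xml
<confdConfig xmlns="http://tail-f.com/ns/confd_cfg/1.0">
  <logs>
    <!-- Audit log: login/logout and executed operations.
         Events are also delivered to CONFD_NOTIF_AUDIT subscribers. -->
    <auditLog>
      <enabled>true</enabled>
      <file>
        <enabled>true</enabled>
        <!-- constructed path, adjust to your installation -->
        <name>./audit.log</name>
      </file>
    </auditLog>
    <!-- Off by default. When true, the audit log also records the
         configuration changes that result from each commit. -->
    <auditLogCommit>true</auditLogCommit>
  </logs>
</confdConfig>
```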