Hello,

My application provides access to an external database through the Conf-D Data Provider API. For auditing purposes, I would like to log some information about who/what/why the data in the external database is being accessed. Specifically, I would like to know if the data callbacks cb_get_object(), cb_find_next_object(), etc. being invoked by Conf-D are the result of a NETCONF (to build a diff) vs. a NETCONF or .

Is there a way to determine which NETCONF operation , , , etc. initiated the transaction? For example, is there anything provided via the transaction callbacks or data callbacks that would provide this information or could be used to query this information from Conf-D?

Thank you,
Matt

To expand on my question above, I’d really like to be able to log the operation and subtree/xpath filter from my application.

I’d like to log something like the following for get operations:

INFO myuser@203.0.113.23 <get> /if:interfaces/interface[name='eth0']/enabled succeeded with response 'ok'
INFO myuser@203.0.113.23 <get-config> /if:interfaces/interface[name='eth0']/enabled succeeded with response 'ok'

I’d like to log something like the following for set operations:

INFO myuser@203.0.113.23 modify /if:interfaces/interface[name='eth0']/enabled = false
INFO myuser@203.0.113.23 <edit-confg> succeeded with response 'ok'

I’m able to figure out how to log ‘set’ operations, but it is not clear how I could log ‘get’ operations.

The information for get operations is spread out and not that easy to retrieve.

• Get the session id from the netconf log or from the netconf trace log
• Get the subtree/xpath from the netconf trace log based on the session id.
• Get the mapping between session id and transaction handle + the callback invoked for that transaction from the developer log.
• Get the “ok” or rpc-reply/rpc-error from the netconf trace log or netconf log.