[keystone][swift] audit logs

Sharath Ck sharath.madhava at gmail.com
Thu May 19 15:27:37 UTC 2022 

Hi Pete,

That’s correct. Audit map file path is picked from proxy_server.conf but
notification details are not. Is this a known issue? Or Audit is not
supported in Swift ?

Regards,
Sharath

On Thu, 19 May 2022 at 8:53 PM, Pete Zaitcev <zaitcev at redhat.com> wrote:

> I looked briefly at keystonemiddleware.audit here
>
> https://github.com/openstack/keystonemiddleware/tree/master/keystonemiddleware/audit
>
> And I highly doubt that it can work in Swift's pipeline.
> For one thing, it gets its configuration with oslo_config,
> and I don't know if that's compatible.
>
> -- Pete
>
> On Wed, 18 May 2022 13:59:50 +0530
> Sharath Ck <sharath.madhava at gmail.com> wrote:
>
> > Hi,
> >
> > I am currently trying to add keystone audit middleware in Swift.
> Middleware
> > is managed in swift proxy server, hence I have added the audit filter in
> > proxy server conf and have mentioned audit_middleware_notifications
> driver
> > as log in swift.conf .
> > I can see REST API call flow reaching audit middleware and constructing
> the
> > audit event with minimal data as Swift is not loading service catalog
> > information. But the audit event is not getting notified as per
> > audit_middleware_notifications. I tried adding
> oslo_messaging_notifications
> > with the driver as log, but audit events are not getting notified.
> >
> > Below are the changes in swift_proxy_server container,
> >
> > proxy-server.conf
> >
> > [pipeline:main]
> > pipeline = catch_errors gatekeeper healthcheck cache container_sync bulk
> > tempurl ratelimit formpost authtoken keystoneauth audit container_quotas
> > account_quotas slo dlo keymaster encryption proxy-server
> >
> > [filter:audit]
> > paste.filter_factory = keystonemiddleware.audit:filter_factory
> > audit_map_file = /etc/swift/api_audit_map.conf
> >
> > swift.conf
> >
> > [oslo_messaging_notifications]
> > driver = log
> >
> > [audit_middleware_notifications]
> > driver = log
> >
> > Kindly confirm whether the configuration changes are enough or need more
> > changes.
> >
> > Regards,
> > Sharath
>
> --
Regards,
Sharath
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20220519/0a86dcab/attachment.htm>

More information about the openstack-discuss mailing list