<div dir="ltr">I'm not familiar with that keystone middleware audit filter. How is that map file supposed to work? The entries don't seem to make sense to me, some are just plural mappings while others are completely different or map to None.</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jul 17, 2015 at 5:29 PM, John Stanford <span dir="ltr"><<a href="mailto:john@solinea.com" target="_blank">john@solinea.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Sorry about the resend, but subjects are good...<br>
<br>
I’ve been trying to get the API audit data flowing based on this document:<br>
<br>
<a href="http://docs.openstack.org/developer/keystonemiddleware/audit.html" rel="noreferrer" target="_blank">http://docs.openstack.org/developer/keystonemiddleware/audit.html</a><br>
<br>
So far, I’ve been able to get nova, cinder, and glance to do the right thing,<br>
but neutron doesn’t seem to want to play. I am getting some events through<br>
to ceilometer.  For example, when I create a port, I get a start and end<br>
event similar to this:<br>
<br>
{<br>
   "_index": "events_2015-07-17",<br>
   "_type": "port.create.end",<br>
   "_id": "e1dbf819-3e77-4357-b8db-83a359ef7cd9",<br>
   "raw": { },<br>
   "timestamp": "2015-07-17T23:10:37.846477",<br>
   "traits": {<br>
        "user_id": "e70fcebd828349ca8f1393e62ac87756",<br>
        "service": "<a href="http://network.myhost.com" rel="noreferrer" target="_blank">network.myhost.com</a>",<br>
        "resource_id": "09c1388a-59fe-49e9-bb17-fb353fd8dd3a",<br>
        "tenant_id": "970f2364df174040862210c9185c80ce",<br>
        "request_id": "req-3e2722e6-1903-477c-9523-2e4926caa6fb",<br>
        "project_id": "970f2364df174040862210c9185c80ce"<br>
}<br>
<br>
For other services, I’ll see a CADF formatted http.request.audit event.<br>
<br>
Here are the edits I’ve made to /etc/neutron/api-paste.ini file:<br>
<br>
# added the audit filter to the keystone pipeline after authtoken<br>
[composite:neutronapi_v2_0]<br>
use = call:neutron.auth:pipeline_factory<br>
noauth = request_id catch_errors extensions neutronapiapp_v2_0<br>
keystone = request_id catch_errors authtoken keystonecontext audit extensions neutronapiapp_v2_0<br>
<br>
<br>
# added the audit filter<br>
[filter:audit]<br>
paste.filter_factory = keystonemiddleware.audit:filter_factory<br>
audit_map_file = /etc/neutron/neutron_api_audit_map.conf<br>
<br>
The map file is snagged from here:<br>
<br>
<a href="https://github.com/openstack/pycadf/blob/master/etc/pycadf/neutron_api_audit_map.conf" rel="noreferrer" target="_blank">https://github.com/openstack/pycadf/blob/master/etc/pycadf/neutron_api_audit_map.conf</a><br>
<br>
Any suggestions, war stories, requests for more detail, etc. are greatly appreciated.<br>
<br>
<br>
Thanks,<br>
John<br>
@jxstanford<br>
<br>
<br>
<br>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to     : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div>Kevin Benton</div></div>
</div>