I would like to know if it is possible to have access and authentication logs for icingaweb2, so we can know who was logged and who performed actions.
I use a docker setup at work (i cannot join my docker-compose file for security reasons), and nothing is written in the apache2 logs (error.log|access.log)…
I installed the audit module, configured to “file” with default file path but nothing is shown in the tab, with the message “no activity has been recorded”.
Is there any other way to do this without installing icinga director? i don’t even know if director will log actions that’s not made through it…
Sorry in advance if i made a duplicate, but i did not find a similar topic when i searched (could have missed it though)
Thank you very much!
Icinga Web 2 version 2.12.4
Used modules and their versions (System - About) audit, icingadb, incubator, businessprocess
Web browser used - chromium
Icinga 2 version used (icinga2 --version) 2.15.0
PHP version used (php --version) 8
Server operating system and version - debian stable
Welcome to the Icinga Community and thanks for posting.
If you are using Docker or containers in general, please verify that the PHP process within the container can write to the correct file and that this file is correctly mounted on the host. Perhaps create a Docker volume, mount it to some directory in the container and let the logs be created there.
Btw, the official Icinga Docker containers should log to stdout/stderr and not to the ephemeral Apache log files to be deleted after restarting the container. Please check docker logs.
The audit module is not related to the Director in any way. These are completely independent. Furthermore, I don’t know what or how the Director logs.
yes i did but as Alvar said, i’ll check my dockerfile for php writing rights
I found this line in the container log (apache2) :
icingaweb2: ERROR - Failed to propagate audit message to hook “Icinga\Module\Audit\ProvidedHook\AuditLog”. An error occurred: RuntimeException in /usr/share/icingaweb2/library/Icinga/Util/File.php:39 with message: SplFileObject::__construct(/var/log/icingaweb2/audit.log): Failed to open stream: No such file or directory
looks like the apache2 user needs some write rights to /var/log/icingaweb2
I am currently updating my dockerfile, i will get back to you with the result
