How to get more info in logs about GUI actions ?

B

bougatoyta

Member
Jun 8, 2021
71
7
13
34
Hi,
Is it possible to have more info when someone make an action in the GUI for audit ?

For exemple here is a log line (pmgproxy.log) when a user add a domain to a blacklist

<user> [31/08/2022:09:29:54 +0200] "POST /api2/extjs/config/ruledb/who/2/domain HTTP/1.1" 200 25

This is a proper start but I don't know what domain the user added.

IS this simply a verbose setting or is it not implemented ?

Regards
 
no, that's simply not implemented, just out of curiosity: why do you need that?
 
dcsapak said:
no, that's simply not implemented, just out of curiosity: why do you need that?
Click to expand...
I have a complain about my team adding gmail.com in the blacklist, but I know that no-one on our team did that, so I got into the proxmox log to check that out but the log does not give the ID of the object when created so I can't match that with the deletion of gmail.com in the blacklist.

Here is a full log of adding and deleting a domain in a "who" rule :

Code: 
#ADDING
root@pam [20/04/2023:10:59:23 +0200] "POST /api2/extjs/config/ruledb/who/2/domain HTTP/1.1" 200 25
root@pam [20/04/2023:10:59:23 +0200] "GET /api2/json/config/ruledb/who/2/objects HTTP/1.1" 200 2021
#DELETION
root@pam [20/04/2023:10:59:35 +0200] "DELETE /api2/extjs/config/ruledb/who/2/objects/7256 HTTP/1.1" 200 25
root@pam [20/04/2023:10:59:35 +0200] "GET /api2/json/config/ruledb/who/2/objects HTTP/1.1" 200 2075

The ID of the domain only show when deletion occurs (here 7256) so there's realistically no way to know with user added which domain in the blacklist.

And we have the ID when the domain is deleted '7256' but we can't know which domain it is, since there's no log of the DNS name.

Regards
 
**I agree that the lack of user activity logging is a security risk and makes it difficult to investigate incidents.

I would like to request that the following events be added in the next release:

  • Adding a user
  • Changing a user
  • Deleting a user**
#ADD USER
root@pam [21/12/2023:13:14:33 +0600] "POST /api2/extjs/access/users HTTP/1.1" 200 25
#MODIFY USER
root@pam [21/12/2023:13:14:57 +0600] "PUT /api2/extjs/access/users/hello%40pam HTTP/1.1" 200 25
#DELETE USER
root@pam [21/12/2023:13:15:00 +0600] "DELETE /api2/extjs/access/users//hello@pam HTTP/1.1" 200 25
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom