docs(users): add audit log documentation (#5342)

* docs: audit log
* docs: grammar edit for audit log info
* Fixes #5340

Co-authored-by: Jon Sands <fohdeesha@gmail.com>
badrAZ 2020-10-24 12:53:38 +02:00 committed by GitHub
parent 7ebeb37881
commit af7bcf19ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 0 deletions

Binary file not shown.


@ -278,6 +278,34 @@ Now, your authorized users can create VMs with their SSH keys, grow template dis
![](https://pbs.twimg.com/media/CYMt2cJUkAAWCPg.png)
## Audit log
XO Audit Log is a plugin that records all important actions performed by users and provides the administrators an overview of each action. This gives them an idea of the users behavior regarding their infrastructure in order to track suspicious activities.
### How does it work?
XO Audit Log listens to important actions performed by users and stores them in the XOA database using the [hash chain structure](https://en.wikipedia.org/wiki/Hash_chain).
### Trustability of the records
Stored records are secured by:
- structure: records are chained using the hash chain structure which means that each record is linked to its parent in a cryptographically secure way. This structure prevents the alteration of old records.
- hash upload: the hash chain structure has limits, it does not protect from the rewrite of recent/all records. To reduce this risk, the Audit log plugin regularly uploads the last record hash to our database after checking the integrity of the whole record chain. This functionality keeps the records safe by notifying users in case of alteration of the records.
### Configuration
The recording of the users' actions is disabled by default. To enable it:
1. go into `settings/plugins`
2. expand the `audit` configuration
3. toggle active and save the configuration
![](./assets/audit_log_configuration.png)
Now, the audit plugin will record users' actions and upload the last record in the chain every day at **06:00 AM (UTC)**.
## Debugging
If you can't log in, please check the logs of `xo-server` while you attempt to connect. It will give you hints about the error encountered. You can do that with a `tail -f /var/log/syslog -n 100` on your XOA.
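
Review bot: The two bullets under "Trustability of the records" overstate what the mechanism provides. A hash chain makes alteration of old records detectable when the chain is verified; it does not "prevent" it. Likewise the hash upload "keeps the records safe" only in the sense that a rewrite can be noticed afterwards. Suggest wording such as "makes the alteration of old records detectable", and stating explicitly that, with the upload running once a day at 06:00 AM (UTC), records written since the last upload can still be rewritten without the uploaded hash revealing it. The "hash upload" bullet should also say what "our database" refers to, confirm that only the last record hash leaves the XOA, and describe how users are notified when the integrity check fails, since none of this is documented in the section. Minor: "users behavior" in the introduction needs an apostrophe ("users' behavior"), and the added image `./assets/audit_log_configuration.png` has empty alt text.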