The audit-log-events parameter controls the event types that are output to the audit log.  This parameter uses the YANG “bits” type, so any combination of the following bit definitions is permitted:

  • edit-candidate:  Save candidate datastore edit events in the audit log.  If the --audit-log-candidate parameter is set to true, or the <candidate> datastore is not present, then this bit will be ignored.

                Example audit log entry:

               

edit-transaction 9616: on session 3 by user@127.0.0.1
  time: 2018-09-04T20:44:44Z
  message-id: 2
  trace-id: --
  datastore: candidate
  operation: create
  target: /t:int16.1
  comment: none


  • edit-running:  Save running datastore edit events in the audit log.

                Example audit log entry:


edit-transaction 9617: on session 3 by user@127.0.0.1
  time: 2018-09-04T20:44:47Z
  message-id: 3
  trace-id: --
  datastore: running
  operation: create
  target: /t:int16.1
  comment: none  


  • update-startup:  Save startup datastore update events in the audit log. If the <startup> datastore is not present then this bit will be ignored.

                Example audit log entry:


update-startup on session 3 by user@127.0.0.1
  time: 2018-09-04T20:44:52Z
  message-id: 5
  sourcetype: datastore
  source: running


  • client-session: Save client session start and end events in the audit log.

                Example audit log entries (start-client-session and end-client-session):



start-client-session:
  time: 2018-09-04T20:44:31Z
  protocol: NETCONF
  transport: netconf-ssh
  username: user
  peeraddr: 127.0.0.1
  session ID: 3


end-client-session:
  time: 2018-09-04T20:50:23Z
  protocol: NETCONF 1.1
  transport: netconf-ssh
  username: user
  peeraddr: 127.0.0.1
  session ID: 3
  term reason: closed
  killed-by: 3


  • control-session: Save YControl session start and end events in the audit log.

                Example audit log entries (start-control-session and end-control-session):


start-control-session:
  time: 2018-09-04T20:53:59Z
  protocol: YControl
  transport: netconf-aflocal
  username: user
  peeraddr: 127.0.0.1
  session ID: 3


end-control-session:
  time: 2018-09-04T21:02:39Z
  protocol: YControl
  transport: netconf-aflocal
  username: user
  peeraddr: 127.0.0.1
  session ID: 3
  term reason: dropped
  killed-by: 0


  • acm-write-error:  Save access control write access denied events in the audit log.

                Example audit log entry:


nacm-write-error:
  time: 2018-09-04T21:04:51Z
  username: user
  operation: create leaf int32.1
  path:: /t:int32.1


  • acm-exec-error:  Save access control execute access denied events in the audit log.

                Example audit log entry:


nacm-exec-error:
  time: 2018-09-04T21:08:54Z
  username: user
  module name: yumaworks-system
  RPC name: load


The audit-log-events parameter is only used in combination with the audit-log parameter.

The default value is "edit-running".


The audit-log-events parameter can be set via the command line when booting netconfd-pro:


user@system> netconfd-pro --audit-log=/tmp/netconfd-pro-audit.log --audit-log-events="edit-running acm-write-error acm-exec-error client-session"


or configured in netconfd-pro's configuration file, usually /etc/yumapro/netconfd-pro.conf:


#
#### leaf audit-log-events
#
# Configures the audit log events that will be saved as
# audit records to the audit log.  This does not affect
# debug logging to the server console log. Type is bits.
#
# bit definitions:
#     edit-candidate
#     edit-running
#     update-startup
#     client-session
#     control-session
#     acm-write-error
#     acm-exec-error
#
# audit-log-events edit-running
#
audit-log-events "edit-running client-session acm-write-error acm-exec-error"
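
With these events enabled, the audit log can be reviewed for access control denials and for edits applied to the running datastore. The following Python is an added example, not part of netconfd-pro or of the original page; it assumes the log file uses the layout of the example entries above (header line in column 0, indented "key: value" fields), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, laid out like the example entries on this page.
SAMPLE_LOG = """\
edit-transaction 9617: on session 3 by user@127.0.0.1
  time: 2018-09-04T20:44:47Z
  datastore: running
  operation: create
  target: /t:int16.1

nacm-write-error:
  time: 2018-09-04T21:04:51Z
  username: user
  operation: create leaf int32.1
  path:: /t:int32.1

nacm-exec-error:
  time: 2018-09-04T21:08:54Z
  username: user
  module name: yumaworks-system
  RPC name: load
"""

# Header: event name, optional transaction id, optional "on session N by user@peer".
HEADER = re.compile(r"^(?P<event>[a-z-]+)(?: (?P<txid>\d+))?:?"
                    r"(?: on session (?P<session>\d+) by (?P<user>[^@\s]+)@(?P<peer>\S+))?$")

def parse_audit_log(text):
    """Return one dict per record: header fields plus the indented "key: value" lines."""
    records = []
    for line in text.splitlines():
        if line and not line[0].isspace():  # assumption: headers start in column 0
            m = HEADER.match(line.strip())
            hdr = m.groupdict() if m else {"event": line.strip()}
            records.append({k: v for k, v in hdr.items() if v})
        elif line.strip() and records:
            key, _, value = line.strip().partition(":")
            records[-1][key.strip()] = value.lstrip(": ")  # tolerates "path:: ..."
    return records

def denials_by_user(records):
    """Count access-control denials (nacm-write-error, nacm-exec-error) per username."""
    return Counter(r.get("username", "?") for r in records if r["event"].startswith("nacm-"))

def running_edits(records):
    """(time, user, operation, target) for each edit applied to the running datastore."""
    return [(r["time"], r["user"], r["operation"], r["target"]) for r in records
            if r["event"] == "edit-transaction" and r.get("datastore") == "running"]
```

To use it on a real log, pass the contents of the file named by the audit-log parameter to parse_audit_log().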