Home
Jay edited this page Jun 17, 2018 · 2 revisions
AuditLog ZenPack adds a new button to the device page to pull audit logs from Kibana for that device.
Version 1.0.0
Released: 2018/6/18
Compatible with Zenoss 6.2
Requires: ZenPackLib ZenPack (https://www.zenoss.com/product/zenpacks/zenpacklib)
Adds a button to the device page to pull audit logs from Kibana for that device.
This action performs a search using the Kibana REST API against the _msearch URI, sending the following headers:
- kbn-xsrf: reporting
- Content-Type: application/json
The search query is also provided in the streaming window output.
```
{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "fields.type: *zenossaudit* AND message: *device=<deviceUid>*",
          "analyze_wildcard": True
        }
      }
    }
  },
  "size": 500,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "unmapped_type": "boolean"
      }
    }
  ],
  "fields": ["message"],
  "script_fields": {},
  "fielddata_fields": ["@timestamp"]
}
```
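As an added example (not the ZenPack's own code), the request described above can be built in Python with the device UID backslash-escaped, so that its slashes and any query_string operators in it are matched literally instead of being parsed as query syntax. The function names, the `logstash-*` index pattern, the escaping step and the sample UID are assumptions.

```python
import json
import re

# query_string reserved characters (and whitespace) that can be backslash-escaped.
_RESERVED = re.compile(r'([+\-=&|!(){}\[\]^"~*?:\\/\s])')

# Headers listed on this page.
HEADERS = {"kbn-xsrf": "reporting", "Content-Type": "application/json"}


def escape_query_term(value):
    """Neutralise query_string syntax in a value placed inside a wildcard term."""
    value = value.replace("<", "").replace(">", "")  # cannot be escaped, so drop
    return _RESERVED.sub(r"\\\1", value)


def build_audit_query(device_uid):
    """Return the search body from this page for one device UID."""
    term = escape_query_term(device_uid)
    return {
        "query": {"filtered": {"query": {"query_string": {
            "query": "fields.type: *zenossaudit* AND message: *device=%s*" % term,
            "analyze_wildcard": True,
        }}}},
        "size": 500,
        "sort": [{"@timestamp": {"order": "desc", "unmapped_type": "boolean"}}],
        "fields": ["message"],
        "script_fields": {},
        "fielddata_fields": ["@timestamp"],
    }


def build_msearch_payload(device_uid, index="logstash-*"):
    """_msearch takes NDJSON: a header line, then a body line, each ending in \\n."""
    header = {"index": index}  # assumed index pattern, adjust to your setup
    lines = [json.dumps(header), json.dumps(build_audit_query(device_uid))]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample UID, not taken from a real system.
    print(build_msearch_payload("/zport/dmd/Devices/Server/Linux/devices/web01"))
```

The payload is sent as the POST body together with `HEADERS`; `json.dumps` turns the Python `True` into the JSON `true` that goes on the wire.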
After installing the ZenPack, navigate to Infrastructure and, at the root device class level (/Devices), set the following zProperties based on your Control Center setup:
- zCCHost
- zCCPort
- zCCUser
- zCCPass
These settings will usually be the same as those you have used on your ControlCenter device under /ControlCenter.
- 1.0.0: Initial release.