yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1154303] Re: Security group rule AUDIT message could be more useful

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 11 Jun 2014 13:51:59 -0000
Reply-to: Bug 1154303 <1154303@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1154303

Title:
  Security group rule AUDIT message could be more useful

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  Hi! This is mostly just a wishlist request related to operational
  usability.

  Recently I was investigating a report of changes to security group
  rules for a tenant and found that the AUDIT log messages captured
  during security group rule changes was, well, less than useful :)

  Example:

  2013-03-12 17:25:31 AUDIT nova.compute.api [req-
  ea8ad999-2154-4631-8d80-e33eeeb5f9b6 a8f944429f2b43758079dfda3a123222
  8a25888b704146ab95c1e3e8928253f6] Authorize security group ingress
  default

  What would be more useful to know in this particular AUDIT log message
  would be something like this:

  2013-03-12 17:25:31 AUDIT nova.compute.api [req-
  ea8ad999-2154-4631-8d80-e33eeeb5f9b6 a8f944429f2b43758079dfda3a123222
  8a25888b704146ab95c1e3e8928253f6] Security group default added TCP
  ingress (22:22)

  or:

  2013-03-12 17:25:31 AUDIT nova.compute.api [req-
  ea8ad999-2154-4631-8d80-e33eeeb5f9b6 a8f944429f2b43758079dfda3a123222
  8a25888b704146ab95c1e3e8928253f6] Security group default removed ICMP
  ingress (-1:-1)

  Best,
  -jay

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1154303/+subscriptions