In PKI 10.5 some audit events are being split into different events based on the outcome to allow the admin to log specific outcomes only (e.g. cert request processing failures only). See the following tickets:
Instead of that, it might be better to provide an audit event filter mechanism such that the admin can specify a logging criteria for each audit event without splitting the event itself. For example:
log.instance.SignedAudit.filters.CERT_REQUEST_PROCESSED=(&(Outcome=Failure)(ClientIP!=localhost))
Metadata Update from @edewata: - Custom field component adjusted to General - Custom field feature adjusted to '' - Custom field origin adjusted to Community - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field type adjusted to defect - Custom field version adjusted to '' - Issue priority set to: major - Issue set to the milestone: 10.4
Metadata Update from @edewata: - Issue priority set to: critical (was: major)
http://pki.fedoraproject.org/wiki/PKI_10.5_Audit_Event_Filter
Metadata Update from @mharmsen: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1404075, https://bugzilla.redhat.com/show_bug.cgi?id=1445532
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5 (was: 10.4)
Metadata Update from @mharmsen: - Issue priority set to: major (was: critical)
Per CS/DS Meeting 09/25/2017: 10.5 blocker
Metadata Update from @mharmsen: - Issue priority set to: blocker (was: major)
Metadata Update from @edewata: - Issue assigned to edewata
Depends on LDAP JDK enhancement: https://bugzilla.mozilla.org/show_bug.cgi?id=1376300
Fixed in master: * https://github.com/dogtagpki/pki/commit/12cbc3af6d73a7d773cd761e3ecf99dc195ce115
Metadata Update from @edewata: - Issue close_status updated to: fixed - Issue set to the milestone: 10.5.0 (was: 10.5) - Issue status updated to: Closed (was: Open)
commit 99de9b02528f109239d030d5a8a2fdbd7aed409c Author: Endi S. Dewata edewata@redhat.com Date: Fri Oct 13 19:05:04 2017 +0200
Updated LDAPJDK dependency. The pki-core.spec has been updated to require the LDAPJDK version that provides the new getter methods. https://pagure.io/dogtagpki/issue/2689 Change-Id: I89e380f18696ac7a0e697f710c1f5d399d045098
commit d20a8233c18826d4730b42a3d08a4f83dbbe8d99 (HEAD -> master, origin/master, origin/HEAD, gerrit/master) Author: Matthew Harmsen mharmsen@redhat.com Date: Tue Oct 17 12:27:25 2017 -0600
Updated LDAPJDK dependency. The pki-console.spec has been updated to require the LDAPJDK version that provides the new getter methods. https://pagure.io/dogtagpki/issue/2689 Change-Id: I5f1e95cabe29b18061c13fef08e6419649bd28a4
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2809
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.