Anyone know if Fleet audit logs for admin actions?...
# kolided
Dan Achin
11/03/2020, 8:33 PMAnyone know if Fleet audit logs for admin actions? I can see a lot of client access in the nginx logs, but not finding anything for the UI or any actions performed there. I'm guessing that changes made like new users, or updates to packs are logged in the DB. Is that right?
z
zwass
11/03/2020, 8:35 PM
Those things are logged to stderr
d
Dan Achin
11/03/2020, 9:29 PMok, thanks!
Dan Achin
11/03/2020, 9:32 PMthat seems like an odd play to write those kinds of messages. any insight into why stderr was chosen?
z
zwass
11/03/2020, 10:12 PM
Originally there was logging for every endpoint on stderr as is common with HTTP servers. That logging was very verbose and most folks seemed to want to use it as more of an audit log. Now most of it is hidden unless
logging_debugd
Dan Achin
11/03/2020, 10:37 PMgot it, thanks. I see that here - https://github.com/kolide/fleet/blob/master/docs/infrastructure/configuring-the-fleet-binary.md
I don't see where that will redirect the logs to though
2 Views