How to audit etcd updates

[niraj kumar]

Hi ,

I have just installed etcd with 3 node cluster and would like to know if there is a way to track who has changed what key/value. Is there a tool or a way built-in with etcd to do this.

Regards

Niraj

[Brandon Philips]

What do you mean by who? Like you want an audit log of the IP addresses?

There is currently no API for keeping this informtion in etcd. If you have a use case for this please outline what you are trying to do and file an issue https://github.com/coreos/etcd/issues

Thank You,

Brandon

--
You received this message because you are subscribed to the Google Groups "etcd-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to etcd-dev+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[niraj kumar]

Hi,

When i said who. I meant which user changed a key/value. Say for example user X changed a key/value, Can this be tracked?

Regards

Niraj

[Brandon Philips]

It cannot be tracked today. It was never really something we thought of up until now. We think of users like SQL servers think of users: they have access to everything they are given authorization for.

[niraj kumar]

Thanks Brandon! I think this would be a good feature for etcd to have audit trails. 

Regards

Niraj

[Brandon Philips]

Can you file an issue explaining your use case for this audit log and perhaps how you would like the API to work?

Thank You,

Brandon

[Alex Bligh]

On 8 Apr 2016, at 21:47, Brandon Philips <brandon...@coreos.com> wrote:

> Can you file an issue explaining your use case for this audit log and perhaps how you would like the API to work?

etcd *almost* has an audit trail in the form of the raft log. Presumably what needs to be done is:
* Ensuring audit records are in the log
* Preserving some details on compaction

Alex

Alex Bligh

[Brandon Philips]

Well the problem is that we don't store the user in the wal at all today. Auth happens above that layer.