Add audit trail features

[OpenNebulaProject]

---

Author Name: Carlos Martín (Carlos Martín) Original Redmine Issue: 1615, https://dev.opennebula.org/issues/1615 Original Date: 2012-10-26

---

The big picture:

• Insert each RM request in a DB table with the complete arguments, timestamp, the returned result, objects involved... maybe also the ACL rule that granted permission, or if the session string was cached
• Create a CLI tool & sunstone tab to filter all the entries by user, time, VM/Host/Image involved, etc.

[hydro-b]

I expect this feature to become even more relevant in the coming years, with ENISA launching a security framework for European Cloud Scheme (EUCS) [1] and NIS (v. 2) [2].

Besides the "store all this info in the database" ... an alternative approach might be to use the Hook Manager events [3] to have a daemon subscribe to all events and implement audit trail filtering there. Ideally in a way it can be consumed by "observability tools" and used in external systems as well.

1) https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme 2) https://www.europarl.europa.eu/RegData/etudes/BRIE/2021/689333/EPRS_BRI(2021)689333_EN.pdf 3) https://docs.opennebula.io/6.4/integration_and_development/system_interfaces/hook_driver.html?#hook-manager-events

[rightkick]

Indeed a very needed feature for multi-tenant setups.