It is not possible to set the audit file rotation to a schedule

snkellner commented 11 months ago

Summary

We always try to create a new audit log file on Mondays at midnight and then keep it for a maximum of 367 days. With the cli this is possible and the result looks like this: fs8506::> vserver audit show -vserver svm85064f8fb565b9

                       Vserver: svm85064f8fb565b9
                Auditing State: true
          Log Destination Path: /svm85064f8fb565b9_audit
 Categories of Events to Audit: cap-staging, file-share, user-account,
                                security-group,
                                authorization-policy-change,
                                audit-policy-change
                    Log Format: evtx
           Log File Size Limit: 200MB
  Log Rotation Schedule: Month: -

Log Rotation Schedule: Day of Week: Monday Log Rotation Schedule: Day: - Log Rotation Schedule: Hour: 0 Log Rotation Schedule: Minute: 0 Rotation Schedules: Mon@0:00 Log Files Rotation Limit: 0 Log Retention Duration: 367d 0h 0m 0s Strict Guarantee of Auditing: true

Component Name

na_ontap_vserver_audit_module

Ansible Version

$ ansible --version
ansible [core 2.15.7]
  config file = /ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.18 (main, Sep  7 2023, 00:00:00) [GCC 11.4.1 20230605 (Red Hat 11.4.1-2)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

ONTAP Collection Version

$ ansible-galaxy collection list
# /usr/local/lib/python3.9/site-packages/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    6.5.0  
ansible.netcommon             5.3.0  
ansible.posix                 1.5.4  
ansible.utils                 2.11.0 
ansible.windows               1.14.0 
arista.eos                    6.2.1  
awx.awx                       22.7.0 
azure.azcollection            1.19.0 
check_point.mgmt              5.1.1  
chocolatey.chocolatey         1.5.1  
cisco.aci                     2.8.0  
cisco.asa                     4.0.3  
cisco.dnac                    6.7.6  
cisco.intersight              1.0.27 
cisco.ios                     4.6.1  
cisco.iosxr                   5.0.3  
cisco.ise                     2.5.16 
cisco.meraki                  2.16.13
cisco.mso                     2.5.0  
cisco.nso                     1.0.3  
cisco.nxos                    4.4.0  
cisco.ucs                     1.10.0 
cloud.common                  2.1.4  
cloudscale_ch.cloud           2.3.1  
community.aws                 6.4.0  
community.azure               2.0.0  
community.ciscosmb            1.0.7  
community.crypto              2.16.0 
community.digitalocean        1.24.0 
community.dns                 2.6.3  
community.docker              3.4.10 
community.fortios             1.0.0  
community.general             7.5.1  
community.google              1.0.0  
community.grafana             1.6.1  
community.hashi_vault         5.0.1  
community.hrobot              1.8.1  
community.libvirt             1.3.0  
community.mongodb             1.6.3  
community.mysql               3.8.0  
community.network             5.0.2  
community.okd                 2.3.0  
community.postgresql          2.4.3  
community.proxysql            1.5.1  
community.rabbitmq            1.2.3  
community.routeros            2.10.0 
community.sap                 1.0.0  
community.sap_libs            1.4.1  
community.skydive             1.0.0  
community.sops                1.6.7  
community.vmware              3.11.1 
community.windows             1.13.0 
community.zabbix              2.1.0  
containers.podman             1.11.0 
cyberark.conjur               1.2.2  
cyberark.pas                  1.0.23 
dellemc.enterprise_sonic      2.2.0  
dellemc.openmanage            7.6.1  
dellemc.powerflex             1.9.0  
dellemc.unity                 1.7.1  
f5networks.f5_modules         1.27.0 
fortinet.fortimanager         2.3.0  
fortinet.fortios              2.3.4  
frr.frr                       2.0.2  
gluster.gluster               1.0.2  
google.cloud                  1.2.0  
grafana.grafana               2.2.3  
hetzner.hcloud                1.16.0 
hpe.nimble                    1.1.4  
ibm.qradar                    2.1.0  
ibm.spectrum_virtualize       1.12.0 
ibm.storage_virtualize        2.1.0  
infinidat.infinibox           1.3.12 
infoblox.nios_modules         1.5.0  
inspur.ispim                  1.3.0  
inspur.sm                     2.3.0  
junipernetworks.junos         5.3.0  
kubernetes.core               2.4.0  
lowlydba.sqlserver            2.2.2  
microsoft.ad                  1.3.0  
netapp.aws                    21.7.1 
netapp.azure                  21.10.1
netapp.cloudmanager           21.22.1
netapp.elementsw              21.7.0 
netapp.ontap                  22.8.2 
netapp.storagegrid            21.11.1
netapp.um_info                21.8.1 
netapp_eseries.santricity     1.4.0  
netbox.netbox                 3.15.0 
ngine_io.cloudstack           2.3.0  
ngine_io.exoscale             1.1.0  
ngine_io.vultr                1.1.3  
openstack.cloud               2.1.0  
openvswitch.openvswitch       2.1.1  
ovirt.ovirt                   3.2.0  
purestorage.flasharray        1.21.0 
purestorage.flashblade        1.14.0 
purestorage.fusion            1.6.0  
sensu.sensu_go                1.14.0 
servicenow.servicenow         1.0.6  
splunk.es                     2.1.0  
t_systems_mms.icinga_director 1.33.1 
telekom_mms.icinga_director   1.34.1 
theforeman.foreman            3.14.0 
vmware.vmware_rest            2.3.1  
vultr.cloud                   1.10.0 
vyos.vyos                     4.1.0  
wti.remote                    1.0.5

ONTAP Version

sridharc-vsim34::> version

NetApp Release 9.11.1P8: Fri Apr 07 00:02:50 UTC 2023

Playbook

no playbook has been created as the necessary parameters are not implemented yet

Steps to Reproduce

Expected Results

Same as in the cli command, see summary. Setting duration for rotation should be supported. The REST ApI is already capable of doing it. We are missing this functionality in the ansible module.

Actual Results

no result has been produced yet

carchi8py commented 11 months ago

@snkellner Are you not able to create a audit file with the current module (https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_vserver_audit_module.html#ansible-collections-netapp-ontap-na-ontap-vserver-audit-module)

If not can you show me the command you use to create it.

snkellner commented 10 months ago

Hi, sure, it is possible to create an audit file. The options for the schedule are missing in the ansible module. In the cli and the rest api they exist. The customer is using this cli command. Sorry, I thought I added it above.

vserver audit create -vserver -destination /_audit -events cap-staging,file-share,user-account,security-group,authorization-policy-change -rotate-size 200Mb -rotate-schedule-dayofweek Monday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -retention-duration 367d

carchi8py commented 9 months ago

@snkellner Sorry for the delay

I believe you should be able to set this with the

duration option https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_vserver_audit_module.html#parameter-log/retention/duration

So it should be something like

name: Create vserver audit configuration netapp.ontap.na_ontap_vserver_audit: state: present vserver: ansible enabled: True events: authorization_policy: False cap_staging: False cifs_logon_logoff: True file_operations: True file_share: False security_group: False user_account: False log_path: "/" log: format: xml retention: duration: 367d rotation: size: "1048576" guarantee: False hostname: "{{ netapp_hostname }}" username: "{{ netapp_username }}" password: "{{ netapp_password }}"

snkellner commented 9 months ago

Hi Chris, also sorry for the delay, was out of office last week. Yes, the duration can be set like you state above. What is still missing is the schedule. The customer wants to rotate the file when it gets bigger than 200mb on mondays at midnight. So it would be good to have the parameters for rotate-schedule-* in the ansible module as well. Not sure what already can be specified with the rotation: parameter in the module.

carchi8py commented 9 months ago

I have DEVOPS-6691 to add this.

suhasbshekar commented 7 months ago

this is released in 22.11.0, will be closing this issue.

ansible-collections / netapp.ontap