DDS: Linux Audit Logs Updates #20345
tirthrajchaudhari-crest wants to merge 9 commits into DataDog:master from
rtrieu left a comment
Thank you for contributing to our docs! I've left some feedback, mainly to comply with our style guide.
|
|
||
| ### Setup Audit Rules (Optional) | ||
|
|
||
| 1. Create/Edit the Audit Rules File |
| 1. Create/Edit the Audit Rules File | |
| 1. Create or edit the Audit Rules file: |
| sudo systemctl restart auditd | ||
| ``` | ||
|
|
||
| ### Setup Audit Rules (Optional) |
| ### Setup Audit Rules (Optional) | |
| ### Set up Audit Rules (optional) |
| sudo nano /etc/audit/rules.d/audit.rules | ||
| ``` | ||
|
|
||
| 2. Configure the audit rules based on your requirements. For reference, check out [audit rulesets][9]. |
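Review bot: the step 1 command in this hunk hard-codes `nano` (`sudo nano /etc/audit/rules.d/audit.rules`), which is not installed on every distribution. Consider wording the step as opening `/etc/audit/rules.d/audit.rules` in a text editor with root privileges, or showing `sudoedit /etc/audit/rules.d/audit.rules`, so the instruction does not depend on one editor being present.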
| 2. Configure the audit rules based on your requirements. For reference, check out [audit rulesets][9]. | |
| 2. Configure the audit rules based on your requirements. For reference, see [audit rulesets][9]. |
|
|
||
| 2. Configure the audit rules based on your requirements. For reference, check out [audit rulesets][9]. | ||
|
|
||
| 3. Reload Audit Rules |
| 3. Reload Audit Rules | |
| 3. Reload Audit Rules: |
| sudo augenrules --load | ||
| ``` | ||
|
|
||
| 4. Verify Loaded Rules |
| 4. Verify Loaded Rules | |
| 4. Verify loaded rules: |
buraizu left a comment
Approving with one minor update requested for screen-reader accessibility, as well as some additional suggestions for consistency with casing and punctuation.
|
|
||
| ### Setup Audit Rules (Optional) | ||
|
|
||
| 1. Create/Edit the Audit Rules File |
| 1. Create/Edit the Audit Rules File | |
| 1. Create or Edit the audit rules file. |
|
|
||
| 2. Configure the audit rules based on your requirements. For reference, check out [audit rulesets][9]. | ||
|
|
||
| 3. Reload Audit Rules |
| 3. Reload Audit Rules | |
| 3. Reload audit rules. |
| sudo augenrules --load | ||
| ``` | ||
|
|
||
| 4. Verify Loaded Rules |
| 4. Verify Loaded Rules | |
| 4. Verify loaded rules. |
|
|
||
| 3. Reload Audit Rules | ||
| ```shell | ||
| sudo augenrules --load |
Just want to confirm that augenrules is the correct spelling.
Yes, it's the correct spelling.
Review from buraizu is dismissed. Related teams and files:
- documentation
- linux_audit_logs/README.md
Review from buraizu is dismissed. Related teams and files:
- documentation
- linux_audit_logs/manifest.json
Review from rtrieu is dismissed. Related teams and files:
- documentation
- linux_audit_logs/manifest.json
…into linux-audit-logs-update
This PR does not modify any files shipped with the agent. To help streamline the release process, please consider adding the
| - name: Lookup on `success` to `result` Field | ||
| enabled: true | ||
| source: success | ||
| target: result |
This field doesn't seem to be used for the status remapper later on (here) which means you are not using it for the status of the log.
Is that expected?
We have made a minor update in the log pipeline so that this field will be used to map the status for the log.
…into linux-audit-logs-update
Could you add a dark mode screenshot for the dashboard?
This is just an update PR for this integration, and we usually add only light-themed dashboard screenshots in the tile.
@tirthrajchaudhari-crest, we’ve recently updated our guidelines for integration tiles - screenshots should now include a dark mode view and show a high volume of logs to better represent real-world usage. Could you please update the existing screenshots accordingly?
Also, could you ensure that the aspect ratio looks correct (for example, circles shouldn’t appear distorted)?
@nubtron We have updated the dashboard images, which now include light and dark versions of the images with a high volume of logs.