Use case not covered by the audit library?

Monday, 14 December 2015

Hi,

I have a fairly common use case that I'm not sure is covered by the audit library and
I need some advice on how best to handle it.   I have a daemon running as root that
services REST API calls (or a web UI from a browser).  An external application first
establishes a session by authenticating a user which returns a token/session ID to the
caller.   All future REST API calls, supplies the token/session ID which allows them
authenticated access to the requested resource.   The token/session ID indicates what user
the request is associated with.  Obviously, there can be many users simultaneously issuing
requests.

What I need to do is specify the user on each audit log call.   For example, I need to
have a way to specify which user is issuing the request when I call
audit_log_user_message().  Is this possible?   This is a very common use case and really
needs to be handled.

Scott Gulland
916.785.1497
HPE Networking, CEB R&D

8000 Foothills Blvd; MS - 5505
Roseville, CA 95747
USA

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Use case not covered by the audit library?