Audit event export
Package Security Manager can be configured to automatically generate and export a list of events from the system to external storage, such as an Amazon Web Services (AWS) Simple Storage Service (S3) bucket, or to a valid network storage location.
Anaconda records the following events for export, organized by type:
To establish a background job to generate and export a chronological recording of events that have occurred within the system:
Event types
Event types
artifact
artifact
artifact_copiedartifact_downloadedartifact_generatedartifact_metadata_updatedartifact_registeredartifact_removedartifact_skippedartifact_view_refreshed
authentication
authentication
auto_role_addedauto_role_deletedauto_role_updated
build
build
build_channel_cve_notification
channel
channel
channel_createdchannel_cve_count_updatechannel_deletedchannel_group_addedchannel_group_deletedchannel_refresh_completechannel_reindexchannel_unfrozenchannel_updated
cve
cve
cve_deletedcve_update_finishedcve_updated
group
group
group_user_addedgroup_user_deleted
mirror
mirror
mirror_deletedmirror_registeredmirror_updated
mirroring
mirroring
mirroring_completedmirroring_failedmirroring_startedmirroring_stopped
report
report
report_generated
sbom
sbom
sbom_deletedsbom_updated
user
user
user_token_createduser_token_metadata_updateduser_token_revokeduser_token_updated
- Open a terminal and connect to your instance of Package Security Manager.
-
Open your installer directory, where the
docker-compose.ymlfile is located, by running the command: -
Open your
docker-compose.ymlfile using your preferred file editor. -
Find the
repo_worker:section of the file. -
Add the following variables to the
repo_worker:environment:section:Variable Description REPO_ENABLE_GENERATE_AUDIT_REPORTS=trueRequired. Enables the background job to operate. REPO_SCHEDULE_AUDIT_REPORT_CRON=<CRON>Required. Sets the frequency of the job. Replace <CRON>with a valid CRON expression.REPO_AUDIT_REPORT_FS=<PARENT_DIRECTORY>Required. Replace <PARENT_DIRECTORY>with an S3 bucket location or a valid file directory path, likefile://{BASE_PATH}/statedir/audit-logsREPO_AUDIT_REPORT_DOWNLOAD_AS=<FORMAT>Optional. Can set the output for the report as either csvorjson. If this value is not provided, the report will default tocsvformat.REPO_CONFIGURE_AUDIT_EVENT_TYPES=<TYPE>,<TYPE>Optional. Specifies that the job only generates and exports these value types in the report. Replace <TYPE>with event types as described above. Separate types with a comma. You can include as many event types as you require. If this variable is not provided, you will generate a report for all events.REPO_AUDIT_REPORT_FS_KMS_ID=<KMS_ID>As necessary. Replace <KMS_ID>with your S3 bucket KMS ID, if it has one. -
Restart the
repo_workercontainer by running the following command:
If you are using the
REPO_CONFIGURE_AUDIT_EVENT_TYPES= variable, the report will include the artifact_downloaded events even if you do not include it.