Add documentation for audit

Add description for the audit configuration and short note about usage with Ceilometer. Change-Id: I40fa00d3667bea1aca81482abb3a7ad5b81e8761
2015-12-08 15:32:44 +11:00 · 2015-12-08 15:32:44 +11:00 · b2819654bb
commit b2819654bb
parent ebfaa3c929
3 changed files with 57 additions and 0 deletions
--- a/doc/source/audit.rst
+++ b/doc/source/audit.rst
@ -0,0 +1,27 @@
+Audit
+=====
+
+Anchor produces audit messages using the PyCADF library and aims for CADF
+compatibility. The two events being emited right now are ``audit.sign`` and
+``audit.auth``, used for certificate signing and authentication events
+respectively.
+
+In the configuration, audit events can be sent either to the log stream, or
+to the standard openstack message queue. This is configured using the
+``audit.target`` option. See the :doc:`configuration section <configuration>`
+for more details.
+
+Capturing events in Ceilometer
+------------------------------
+
+In order to get events processed by Ceilometer, two configuration files need to
+be provided - event pipeline and definitions. The default
+``event_pipeline.yaml`` as described in Ceilometer documentation is compatible
+with Anchor. As for ``event_definitions.yaml``, it needs to include the
+``audit.auth`` and ``audit.sign`` events.
+
+On the Ceilometer side, it needs the `notification agent`_ installed in order
+to receive data from the message queue. Add incoming events will then be saved
+and visible after running ``ceilometer event-list``.
+
+.. _notification agent: http://docs.openstack.org/developer/ceilometer/architecture.html#notification-agents-listening-for-data
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@ -168,6 +168,33 @@ Each validator has its own set of parameters described separately in the
 :doc:`fixups section </fixups>`


+Audit
+-----
+
+Audit has two possible targets: ``log`` for output in the standard logging
+stream and ``messaging`` for the openstack message queue. The first one doesn't
+require any extra options:
+
+.. code:: json
+
+  {
+    "audit": {
+      "target": "log"
+    }
+  }
+
+The message queue version requires defining a target in a way compatible with
+``oslo_messaging`` `transport URIs`_. For example:
+
+.. code:: json
+
+  {
+    "audit": {
+      "target": "messaging",
+      "url": "rabbit:guest@localhost:5672"
+    }
+  }
+
 Example configuration
 ---------------------

@ -209,3 +236,5 @@ Example configuration
      }
    }
  }
+
+.. _transport URIs: https://wiki.openstack.org/wiki/Oslo/Messaging#Transports
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@ -19,6 +19,7 @@ Contents:
   ephemeralPKI
   validators
   fixups
+   audit


 Indices and tables