Hi Justin, I considered also this approach, but instead I've set up a webdav server on a policy_server, and each client sending the reports on this webdav entry point. Hence the client can send it when he knows it is suitable, and the promises are much more easy to write
Nicolas Justin Lloyd wrote: > Hi all, > > I'd like to generate a report of all* changes Cfengine makes on systems > for auditing and awareness purposes. If, for example, the same change is > being made a lot on a system (e.g. fixing /etc/passwd permissions), then > we would know something is wrong and could investigate it more deeply. > > Cfengine Nova (I don't know about community) logs local promise repairs > to /var/cfengine/nova_repair.log, which is rotated weekly. Here are a > couple of example lines: > > Thu Jun 3 21:32:21 > 2010,fix_resolver_configuration_file,fix_resolver_configuration_file,Ens > ure /etc/resolv.conf file exists and is > correct,/var/cfengine/inputs/dg.bundles.cf,262 > Thu Jun 3 21:34:16 > 2010,_fetch_public_ssh_key,ensure_authorized_ssh_key_exists,Ensure > user's authorized_keys file contains remote user's public > key,/var/cfengine/inputs/dg.ssh_keys.cf,98 > > I was thinking of having each policy server fetch the nova_repair.log > from all of its hosts each day prior to rotation and generating a > summary report that is easily skimmable by humans. However, before I > start really diving into such an approach, I was wondering if anyone has > been wanting or doing something similar. > > Thanks, > Justin > > *By "all" I would filter out a lot of standard changes, like those done > by Nova's generate_reports.cf. > > _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
