Event Logging
Overview
PPA can be configured to send logs to an external syslog server.
The following syslog protocols are supported:
- TLS (recommended)
- TCP
- UDP
Configuring Syslog
To configure syslog you will need to:
- Enable the feature using the checkbox
- Provide the logging server's IP or DNS address & port
- Select the syslog protocol to use
- Provide a certificate to use (optional)
Once the form validates & saves you will be able to enable/disable the feature as you wish.
Supported Events
The following events are emitted by PPA:
Event name | Description |
---|---|
TaskStart | Task has started |
TaskCancel | Task has been cancelled |
TaskWaitHook | Task wait hook has received user input |
TaskLog | Task has sent a custom syslog message |
DelayedStartInsert | Delayed Start Task has been created |
DelayedStartUpdate | Delayed Start Task has been updated |
DelayedStartDelete | Delayed Start Task has been deleted |
SecretAuthorized | Secret access has been authorized (by a running task) |
VaultAuthorized | Vault access has been authorized (by a running task) |
ImageBuild | Task image has been built (Task Builder) |
ImageDeploy | Task image has been deployed (Task Builder) |
ImageUpdateMetadata | Task image metadata has been edited |
ImageUpdateOwner | Task image owner has been edited |
ImageUpdateDelegates | Task image delegated groups have been edited |
ImageUpdateMaintainers | Task image maintainer groups have been edited |
ImageArchive | Task image has been deleted |
ImageRevisionsDelete | Task image revisions have been deleted |
ImageUpload | Task image has been uploaded |
ImageRebuild | Task image has been rebuilt |
PlaybookInsert | Playbook has been created |
PlaybookUpdate | Playbook has been edited |
PlaybookUpdateMaintainers | Playbook maintainer groups have been edited |
PlaybookDelete | Playbook has been deleted |
AgentInsert | Agent has been created |
AgentUpdate | Agent has been edited |
AgentDelete | Agent has been deleted |
RoleInsert | Role has been created |
RoleUpdate | Role has been edited |
RoleDelete | Role has been deleted |
VaultInsert | Vault has been created |
VaultUpdate | Vault has been edited |
VaultDelete | Vault has been deleted |
ScheduleInsert | Schedule has been created |
ScheduleUpdate | Schedule has been edited |
ScheduleDelete | Schedule has been deleted |
ConfigInsert | Configuration has been created |
ConfigUpdate | Configuration has been edited |
UserAuth | User has signed in |
UserSetActive | User has been activated/deactivated |
UserSetAuthType | User authentication type has been changed |
UserDelete | User has been deleted |
UserRestore | User has been restored |
UsersImported | Users have been imported |
GroupsImported | Groups have been imported |
GroupsUpdate | Groups have been updated |
GroupDelete | Group has been removed |
APIKeyRegenerate | Key has been regenerated |
Techout | Techout has been generated |
SystemEventInsert | System Event log has been created |
SystemEventUpdate | System Event log has been updated |
SystemEventDismiss | System Event warning has been dismissed |
SystemEventsDismiss | Multiple System Event warnings have been dismissed |
SystemEventsDelete | Multiple System Event warnings have been deleted |
SubscriptionInsert | System Event subscription has been created |
SubscriptionUpdate | System Event subscription has been updated |
SubscriptionDelete | System Event subscription has been deleted |
TaskLogsCleanup | Scheduled tasks logs cleanup has finished |
Message fields
PPA provides the following additional fields:
Field name | Description |
---|---|
user | User responsible for triggering the event |
image | Task image name (if relevant) |
task | Task uuid (if relevant) |
details | Additional contextual information |
The details field contains different information depending on the type of event. Here are some examples:
UserAuth
{
  "context": {
    "addr": "123.456.789.10",
    "auth_type": "password"
  }
}
TaskCancel
{
  "context": {
    "trigger": "ui"
  },
  "type": "task",
  "owner": "ppa.demo.user"
}
VaultInsert
{
  "inserted": {
    "driver": "hashicorp-vault",
    "host": "ppa.demo.vault:8200",
    "name": "PPA demo vault"
  },
  "type": "vault"
}
ImageUpdateMetadata
{
  "updated": {
    "name": {
      "current": "Current Name",
      "previous": "Previous Name"
    },
    "tags": {
      "added": ["demo", "qa", "v2.5.0"],
      "removed": ["v2.4.0"]
    }
  },
  "type": "image",
  "owner": "ppa.demo.user"
}
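Because the shape of details changes per event, a log pipeline usually flattens it before indexing. The sketch below is an added example, not PPA code: it assumes the collector has already extracted the fields into a dict with details still as JSON text, and the `SENSITIVE` grouping and the `normalize`/`flatten` names are this example's own.

```python
import json

# Events from the table above that touch credentials, identities or access.
# This grouping is the example's own choice, not a PPA classification.
SENSITIVE = {
    "SecretAuthorized", "VaultAuthorized", "APIKeyRegenerate",
    "UserSetAuthType", "UserSetActive", "UserDelete", "UserRestore",
    "RoleInsert", "RoleUpdate", "RoleDelete",
    "VaultInsert", "VaultUpdate", "VaultDelete",
}

def flatten(node, path=()):
    """Yield 'dotted.path=json_value' for every leaf of a details object."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, path + (str(key),))
    else:
        yield ".".join(path) + "=" + json.dumps(node)

def normalize(event, fields):
    """Build one flat record from an event name and its PPA fields.

    Assumption: `fields` is a dict already extracted by the collector, with
    `details` still as JSON text.
    """
    raw = fields.get("details") or "{}"
    try:
        details = json.loads(raw)
        parsed = isinstance(details, dict)
    except json.JSONDecodeError:
        parsed = False
    if not parsed:
        # Keep the raw text so a truncated or malformed message is not lost.
        details = {"unparsed": raw}
    return {
        "event": event,
        "user": fields.get("user"),
        "sensitive": event in SENSITIVE,
        "parsed": parsed,
        "details": sorted(flatten(details)),
    }

# Constructed sample: the VaultInsert details shown above, with a constructed user.
SAMPLE = {"user": "ppa.demo.user", "details": json.dumps(
    {"inserted": {"driver": "hashicorp-vault", "host": "ppa.demo.vault:8200",
                  "name": "PPA demo vault"}, "type": "vault"})}

if __name__ == "__main__":
    print(normalize("VaultInsert", SAMPLE))
```

Records with `parsed` set to false are worth alerting on in their own right, since they indicate messages that arrived truncated or malformed.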