Enable Gerrit audit logging

Enable Gerrit audit logging

This section instructs you on how to enable the audit logging in Gerrit by configuring the httpd requests logger. Fluentd collects the files with the error logs automatically.

Note

This feature is available starting from the MCP 2019.2.5 maintenance update. Before enabling the feature, follow the steps described in Apply maintenance updates.

To set up audit logging in Gerrit:

  1. Log in to the Salt Master node.

  2. Open the cluster level of your deployment model.

  3. In the cicd/control/leader.yml file, add following parameters:

    parameters:
      _param:
        ...
        gerrit_extra_opts: "-Dlog4j.configuration=file:///var/gerrit/review_site/etc/log4j.properties"
        gerrit_http_request_log: 'True'
        ...
      linux:
        system:
          file:
            "/srv/volumes/gerrit/etc/log4j.properties":
              contents:
                - log4j.logger.httpd_log=INFO,httpd_log
                - log4j.appender.httpd_log=org.apache.log4j.ConsoleAppender
                - log4j.appender.httpd_log.layout=com.google.gerrit.pgm.http.jetty.HttpLogLayout
    
  4. Refresh pillars:

    salt -C 'I@gerrit:client' saltutil.refresh_pillar
    
  5. Create the log4j.properties file:

    salt -C 'I@gerrit:client' state.apply linux.system.file
    
  6. Update the Gerrit service:

    salt -C 'I@gerrit:client' state.apply docker.client