Enable Jenkins audit logging

This section describes how to enable audit logging in Jenkins through the Audit Trail Jenkins plugin. The plugin keeps a log of the users who performed particular Jenkins operations, such as managing and using jobs.

Note

This feature is available starting from the MCP 2019.2.5 maintenance update. Before enabling the feature, follow the steps described in Apply maintenance updates.

Note

If Jenkins is disabled on the Salt Master node, skip step 3 of the procedure below.

To set up audit logging in Jenkins:

  1. Log in to the Salt Master node.

  2. Open the cluster level of your deployment model.

  3. In the cicd/control/leader.yml file, configure any of the three logger types: console, file, or syslog.

    Note

    By default, Fluentd, if enabled, collects only the console output.

    Pillar examples:

    1. For the console logger:

      parameters:
        jenkins:
          client:
            audittrail:
              loggers:
                console_logger:
                  type: console
                  output: STD_OUT
                  date_format: "yyyy-MM-dd HH:mm:ss:SSS"
                  log_prefix: ""
      

      Note

      The date_format and log_prefix parameters in the example above are defaults and can be skipped.

    2. For the file logger:

      parameters:
        jenkins:
          client:
            audittrail:
              loggers:
                file_logger:
                  type: file
                  log: /var/jenkins_home/file_logger.log
                  limit: 100
                  count: 10
      

      Note

      The limit parameter sets the file size limit in MB. The count parameter sets the number of files to keep.

    3. For the syslog logger:

      parameters:
        jenkins:
          client:
            audittrail:
              loggers:
                syslog_logger:
                  type: syslog
                  syslog_server_hostname: 'syslog.host.org'
                  syslog_server_port: 514
                  syslog_facility: SYSLOG
                  app_name: jenkins
                  message_hostname: ""
                  message_format: RFC_3164
      
  4. To configure audit logging for Jenkins on the Salt Master node, add similar pillars to the infra/config/jenkins.yml file.

  5. Refresh pillars:

    salt -C 'I@jenkins:client' saltutil.refresh_pillar
    
  6. Apply the changes:

    salt -C 'I@jenkins:client:audittrail' state.apply jenkins.client.audittrail
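
A pre-apply check for the logger pillars from step 3, as an added example that is not part of the original documentation or of the Salt formula. The function name lint_loggers is hypothetical; the allowed keys are taken from the pillar examples on this page, and the value constraints (absolute log path, positive limit and count, port range) are assumptions.

```python
# Added example: lint a jenkins:client:audittrail:loggers mapping before applying it.
# Allowed keys come from this page's pillar examples; value checks are assumptions.
ALLOWED = {
    "console": {"type", "output", "date_format", "log_prefix"},
    "file": {"type", "log", "limit", "count"},
    "syslog": {"type", "syslog_server_hostname", "syslog_server_port",
               "syslog_facility", "app_name", "message_hostname",
               "message_format"},
}


def lint_loggers(loggers):
    """Return a list of human-readable findings for a loggers mapping."""
    findings = []
    types_seen = set()
    for name, cfg in loggers.items():
        ltype = cfg.get("type")
        if ltype not in ALLOWED:
            findings.append(f"{name}: unknown type {ltype!r}")
            continue
        types_seen.add(ltype)
        # A misspelled key is silently ignored by the pillar, so flag it here.
        for key in sorted(set(cfg) - ALLOWED[ltype]):
            findings.append(f"{name}: unexpected key {key!r} for {ltype} logger")
        if ltype == "file":
            if not str(cfg.get("log", "")).startswith("/"):
                findings.append(f"{name}: log must be an absolute path")
            for key in ("limit", "count"):
                val = cfg.get(key)
                if type(val) is not int or val < 1:
                    findings.append(f"{name}: {key} must be a positive integer")
        if ltype == "syslog":
            port = cfg.get("syslog_server_port")
            if type(port) is not int or not 1 <= port <= 65535:
                findings.append(f"{name}: syslog_server_port must be 1-65535")
            if not cfg.get("syslog_server_hostname"):
                findings.append(f"{name}: syslog_server_hostname is empty")
    # Per the note in step 3, Fluentd collects only console output by default.
    if "console" not in types_seen:
        findings.append("no console logger: Fluentd collects only console output by default")
    return findings


# Constructed sample: the page's file logger with a misspelled count key.
SAMPLE = {
    "file_logger": {"type": "file", "log": "/var/jenkins_home/file_logger.log",
                    "limit": 100, "cont": 0},
}

if __name__ == "__main__":
    print("\n".join(lint_loggers(SAMPLE)))
```
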