This section instructs you on how to enable the audit logging in Jenkins by enabling the Audit Trail Jenkins plugin. The plugin allows keeping a log of the users who performed particular Jenkins operations, such as managing and using jobs.
Note
This feature is available starting from the MCP 2019.2.5 maintenance update. Before enabling the feature, follow the steps described in Apply maintenance updates.
Note
If Jenkins is disabled on the Salt Master node, skip the step 3 of the procedure below.
To setup Audit logging in Jenkins:
Log in to the Salt Master node.
Open the cluster level of your deployment model.
In the cicd/control/leader.yml
file, configure any of three logger
types that include console
, file
, and syslog
.
Note
By default, only the console output is collected by Fluentd if enabled.
Pillars examples:
For the console
logger:
parameters:
jenkins:
client:
audittrail:
loggers:
console_logger:
type: console
output: STD_OUT
date_format: "yyyy-MM-dd HH:mm:ss:SSS"
log_prefix: ""
Note
The date_format
and log_prefix
parameters in the example
above are defaults and can be skipped.
For the file
logger:
parameters:
jenkins:
client:
audittrail:
loggers:
file_logger:
type: file
log: /var/jenkins_home/file_logger.log
limit: 100
count: 10
Note
The limit
parameter stands for the file limit size in MB.
The count
parameter stands for the number files to keep.
For the syslog
logger:
parameters:
jenkins:
client:
audittrail:
loggers:
syslog_logger:
type: syslog
syslog_server_hostname: 'syslog.host.org'
syslog_server_port: 514
syslog_facility: SYSLOG
app_name: jenkins
message_hostname: ""
message_format: RFC_3164
To configure the audit Logging for Jenkins on the Salt Master node,
add the similar pillars to infra/config/jenkins.yml
.
Refresh pillars:
salt -C 'I@jenkins:client' saltutil.refresh_pillar
Apply the changes:
salt -C 'I@jenkins:client:audittrail' state.apply jenkins.client.audittrail