审计

ZWatch提供对API的审计功能,用户可以查看对某个资源或所有资源的API操作。一条API审计记录类似如下:

        {
            "apiName": "org.zstack.header.vm.APICreateVmInstanceMsg",
            "duration": 3260,
            "operatorAccountUuid": "36c27e8ff05c4780bf6d2fa65700f22e",
            "requestDump": "{"description":"","l3NetworkUuids":["d914360d1b2a42a68f91df0c8863f716"],"dataDiskOfferingUuids":[],"name":"vm","systemTags":["usbRedirect::false","vmConsoleMode::vnc"],"instanceOfferingUuid":"5c5720c9feba4196a9a9d3cb844a77b7","strategy":"InstantStart","imageUuid":"1194b7d10d3345e08b21847165f0b349"}",
            "requestUuid": "30a3cebb29173fa7a60f4e96d397ef1d",
            "resourceType": "VmInstanceVO",
            "resourceUuid": "ec54f53da5204a63954beea0a7782804",
            "responseDump": "{"inventory":{"uuid":"ec54f53da5204a63954beea0a7782804","name":"vm","description":"","zoneUuid":"fad25e2987a746f186896e3234469263","clusterUuid":"6da3fd94b7c5412088e722a773f17796","imageUuid":"1194b7d10d3345e08b21847165f0b349","hostUuid":"9778a9bc6db84ea9847c2023f13cbc1e","lastHostUuid":"9778a9bc6db84ea9847c2023f13cbc1e","instanceOfferingUuid":"5c5720c9feba4196a9a9d3cb844a77b7","rootVolumeUuid":"726f19724a3e4783801d86a7021d2be1","platform":"Linux","defaultL3NetworkUuid":"d914360d1b2a42a68f91df0c8863f716","type":"UserVm","hypervisorType":"KVM","memorySize":1073741824,"cpuNum":1,"cpuSpeed":0,"allocatorStrategy":"LeastVmPreferredHostAllocatorStrategy","createDate":"Dec 21, 2017 1:14:02 PM","lastOpDate":"Dec 21, 2017 1:14:05 PM","state":"Running","vmNics":[{"uuid":"6ddc4064387c4f0f88d5d1e422a4f22a","vmInstanceUuid":"ec54f53da5204a63954beea0a7782804","l3NetworkUuid":"d914360d1b2a42a68f91df0c8863f716","ip":"10.0.0.47","mac":"fa:8e:06:53:90:00","netmask":"255.255.255.0","gateway":"10.0.0.1","deviceId":0,"createDate":"Dec 21, 2017 1:14:02 PM","lastOpDate":"Dec 21, 2017 1:14:02 PM"}],"allVolumes":[{"uuid":"726f19724a3e4783801d86a7021d2be1","name":"ROOT-for-vm","description":"Root volume for VM[uuid:ec54f53da5204a63954beea0a7782804]","primaryStorageUuid":"4966a9f63d274ad0bfc2f59367bf7459","vmInstanceUuid":"ec54f53da5204a63954beea0a7782804","rootImageUuid":"1194b7d10d3345e08b21847165f0b349","installPath":"/zstack_ps/rootVolumes/acct-36c27e8ff05c4780bf6d2fa65700f22e/vol-726f19724a3e4783801d86a7021d2be1/726f19724a3e4783801d86a7021d2be1.qcow2","type":"Root","format":"qcow2","size":12682240,"actualSize":7995392,"deviceId":0,"state":"Enabled","status":"Ready","createDate":"Dec 21, 2017 1:14:02 PM","lastOpDate":"Dec 21, 2017 1:14:02 PM","isShareable":false}]},"success":true}",
            "responseUuid": "d6c29c03c894439983f1afd06cb862a9",
            "sessionUuid": "68e54d9719ef42f0807a66eef5483bed",
            "time": 1513833245301
        }
  • apiName: API名称
  • duration:执行API消耗的时间,单位毫秒
  • operatorAccountUuid:执行API的账号UUID
  • requestDump:API请求。不包含敏感字段(如密码)
  • responseDump:API返回
  • requestUuid:API请求UUID
  • resourceType:资源类型。如果API不是对某个具体资源的操作,该字段不存在
  • responseUuid:API返回UUID
  • sessionUuid:账号会话UUID
  • time:收到API请求的时间,Epoch Time,单位毫秒
  • error:如果API执行失败,该字段包括错误的字符串描述。API成功则不包括该字段。

审计功能只记录操作相关API,包括创建/修改/删除等,读API(所有Query,Get类API)不记录。如果一个API操作关联多个资源,例如加载主存储到集群,会分别对各个资源生成审计记录。