Hermes is an audit trail service for OpenStack that enables easy access to audit events on a tenant basis. With Hermes, you can view project-level audit events through an API or as an optional module in the OpenStack dashboard, Elektra.
An audit event is a JSON record that contains the details of a given OpenStack event, such as the user who made the request, the request itself, and when it occurred. The event log contains information about actions taken within your OpenStack tenant or domain.
Hermes provides detailed information about each event, including the 7 “W”s of audit: What, When, Who, FromWhere, OnWhat, Where, ToWhere. This information is presented in the CADF format, which includes both mandatory and optional properties.
| “W” Component | CADF Mandatory Properties | CADF Optional Properties (where applicable) | Description |
|---|---|---|---|
| What | event.actionevent.outcomeevent.eventType |
event.reason |
“what” activity occurred; “what” was the result. |
| When | event.eventTime |
“when” did it happen. | |
| Who | event.initiator.idevent.initiator.typeURI |
event.initiator.name |
“who” (person or service) initiated the action. |
| FromWhere | event.initiator.hostevent.initiator.domainevent.initiator.domain_idevent.initiator.project_id |
"FromWhere" provides information describing where the action was initiated from. | |
| OnWhat | event.target.idevent.target.typeURI |
event.target.domain_idevent.target.project_id |
“onWhat” resource did the activity target. |
| Where | event.observer.idevent.observer.typeURI |
event.observer.name |
“where” did the activity get observed (reported), or modified in some way. |
| ToWhere | "ToWhere" provides information describing where the target resource that is affected by the action is located. |
- Hermes command line client HermesCli
- You can send requests to the HTTP API directly, as shown in this guide.
- The OpenStack web dashboard Elektra contains an optional Audit module that becomes accessible if Hermes is deployed in the target OpenStack cluster.
Retention is configurable on a global level for all tenants. In the roadmap it is intended that retention will be on a per tenant basis. The current basis for retention is 3 months.