Get all changes (audits) related to a specific host

Problem: I am trying to find a way to get ALL the changes (audits) that have been performed on a specific host in a specific time period. I have tried using the search filter function in the Foreman GUI, but I am not sure what needs to be typed there. “host = <FQDN_of_host>” doesn’t give me any useful information like:

  • A puppet class has been removed by this user on this date.
  • A smart class parameter has been overridden by this user on this date from this value to this value.

This information is present in these audits. I am able to see this information whenever I add/remove a puppet class, whenever I modify smart class parameters etc, but it gets lost over time in the audits history. (which has 222254 pages * 28 entries in my case :slight_smile: ).

If I search with “user = <specific_user>” I am able to see all the changes that the user did including the information I am looking for above. Now, I am trying to figure out how to do this per host i.e. see all the changes that have been performed on the host over time by any user on Foreman.

I have also tried using the Foreman API, but it gives me similar information like when I search using the “host = <FQDN_of_host>” filter expression in the Foreman GUI - It doesn’t have all the information about the changes performed on the host.

GET https://<my_foreman_server>/api/v2/hosts/<host_id>/audits?per_page=1000’

Foreman version: 1.15.2

I just ran into this the other day and was unable to figure out how. Even the “audits” tab when selected from a host itself didn’t really give everything. I don’t have a solution - but am interested in knowing if there is a specific search string that makes it “work” or something that i can document for future use :slight_smile:

TL:DR; there’s no easy way to find all related audits like this, but likely easy to add

Tech background and explanation:

The problem here is, that audits are always linked to single resource. The resource can be host, architecture, domain, subnet, puppet class etc. E.g. change of host’s domain means changing one of host’s attribute (foreign key in DB) so it’s easy to track it. For 1:n associations that’s more complicated as the foreign key exists on the “n” side. So you’d probably be able to find audit for update of puppet classes but it’s not linked to the host from which it has been removed. The same for override value, that’s different resource which is not linked to puppet class.

Recently we added a feature for tracking associations. We should be able to start tracking puppet classes assigned to host/host group. Would you mind filing an RFE for this? Or if you’re interested, you can submit a PR, it should be as easy as specifying :associations similarly to this to the host model, the association is called :puppetclasses. If you need help with how to submit a patch, here’s a link to a developer handbook.

Hello Marek,

Would you mind giving a link on where to ask for this feature to be implemented i.e. where suggestions are sent by Foreman users.

I would like to help, but I have little knowledge of the Foreman code base and its database design.

In the meantime a possible way to do this is to go from user to user in the GUI by searching for
“user =<specific_user>”

Alternatively, one could script the whole thing, by using the Foreman API, getting JSON for each user and then processing this data to find the entries for the given host:

/usr/bin/curl -sS -u <admin_username>:<admin_password> ‘https://<foreman_server>/api/v2/audits?per_page=10000&utf8=✓&search=user+%3D+<specific_user>