application logs missing failed actions #1507

New Issue

Closed

opened 2025-12-29 16:32:33 +01:00 by adam · 8 comments

adam commented 2025-12-29 16:32:33 +01:00

Owner

Copy Link

Originally created by @tduehr on GitHub (Jan 24, 2018).

Issue type

[ ] Feature request
[X] Bug report
[ ] Documentation

Environment

• Python version: 3.5.2
• NetBox version: 2.2.8

Description

The console/file log output of Netbox is limited to authentication events.

I'm currently trying to debug the API as used by NetboxClientRuby. I'm getting 403 errors where I don't think I should be when creating objects (the API token has full write privileges and my user can create objects in the web UI fine). Looking at the logs in /var/log/supervisor, all I see are my authentication events. Further, turning the logging up to DEBUG does not change the output.

403 Forbidden ({"detail"=>"You do not have permission to perform this action."})

I expect DEBUG level logging to include errors in object creation for any reason. Especially, 403s which should likely show up at INFO if not all the way up at ERROR.

Originally created by @tduehr on GitHub (Jan 24, 2018). ### Issue type [ ] Feature request <!-- An enhancement of existing functionality --> [X] Bug report <!-- Unexpected or erroneous behavior --> [ ] Documentation <!-- A modification to the documentation --> ### Environment * Python version: 3.5.2 * NetBox version: 2.2.8 ### Description The console/file log output of Netbox is limited to authentication events. I'm currently trying to debug the API as used by NetboxClientRuby. I'm getting 403 errors where I don't think I should be when creating objects (the API token has full write privileges and my user can create objects in the web UI fine). Looking at the logs in `/var/log/supervisor`, all I see are my authentication events. Further, turning the logging up to `DEBUG` does not change the output. `403 Forbidden ({"detail"=>"You do not have permission to perform this action."})` I expect `DEBUG` level logging to include errors in object creation for any reason. Especially, 403s which should likely show up at `INFO` if not all the way up at `ERROR`.

adam closed this issue 2025-12-29 16:32:33 +01:00

adam commented 2025-12-29 16:32:33 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Jan 30, 2018):

Authentication errors are just that: errors. There's nothing else to log because as soon as authentication fails, the request is aborted. What are you asking be changed?

@jeremystretch commented on GitHub (Jan 30, 2018): Authentication errors are just that: errors. There's nothing else to log because as soon as authentication fails, the request is aborted. What are you asking be changed?

adam commented 2025-12-29 16:32:33 +01:00

Author

Owner

Copy Link

@tduehr commented on GitHub (Jan 31, 2018):

In general, netbox lacks robust logging. At an INFO level I expect all authentication attempts and all successful actions to be logged to the console/syslog/etc.. I need to be able to audit netbox as it is (or was) used at a given time. The only way to reliably do that is through logs.

@tduehr commented on GitHub (Jan 31, 2018): In general, netbox lacks robust logging. At an INFO level I expect all authentication attempts and all successful actions to be logged to the console/syslog/etc.. I need to be able to audit netbox as it is (or was) used at a given time. The only way to reliably do that is through logs.

adam commented 2025-12-29 16:32:33 +01:00

Author

Owner

Copy Link

@pm17788 commented on GitHub (Feb 1, 2018):

I'd like to add another vote to this request.
Right now, I'm writing a bunch of Python stuff to populate data in NetBox, and, going forward, there will be tools to do reconciliation, but since I'm doing this via the API, there does not seem to be a good audit log for it.

I would argue that only the modify actions should be auditable, though, at DEBUG levels, where the implication of the performance impact is at least implied, even read APIs should be logged.

@pm17788 commented on GitHub (Feb 1, 2018): I'd like to add another vote to this request. Right now, I'm writing a bunch of Python stuff to populate data in NetBox, and, going forward, there will be tools to do reconciliation, but since I'm doing this via the API, there does not seem to be a good audit log for it. I would argue that only the modify actions should be auditable, though, at DEBUG levels, where the implication of the performance impact is at least implied, even read APIs should be logged.

adam commented 2025-12-29 16:32:33 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Feb 1, 2018):

Still not clear on what you're asking for. Could you please provide example code that would accomplish what you're proposing?

@jeremystretch commented on GitHub (Feb 1, 2018): Still not clear on what you're asking for. Could you please provide example code that would accomplish what you're proposing?

adam commented 2025-12-29 16:32:33 +01:00

Author

Owner

Copy Link

@pm17788 commented on GitHub (Feb 1, 2018):

@jeremystretch: Apologies. I am not a decent enough coder to actually do that.

I'll try to rephrase for more sanity. We are talking about taking, effectively, what is the "Recent Activity" feed and putting it out to a log (be it a file or SYSLOG). The change not currently there is also logging the API access(es).

Specifically, instead of:
2018-01-30 14:09 | Modified device server515

The log line would contain:

If modified via WebUI:
{"datetime":"2018-01-30T14:12:03-05:00", "user":"pm17788", "interface":"WebUI", "operation":"modify", "id":"dcim/devices/515", "data":{"name":"server515"}}
If modified via API:
{"datetime":"2018-01-30T14:12:03-05:00", "user":"pm17788", "interface":"API", "operation":"modify", "id":"dcim/devices/515", "data":{"name":"server515"}}

Basically, a full audit log of not only the operation performed, but what were the actual data items associated with the operation. If, for example, an Interface was created, then a full JSON of the data passed is what I'd expect in the logline.

It (probably) doesn't make sense to store this sort of an audit trail in a database - long-term storage requirements get silly, but IFF feasible, having more detail in the Recent Activity log would make sense for, say, past 7 days. If I want longer retention, I get to setup separate logging.

I hope this makes sense.

@pm17788 commented on GitHub (Feb 1, 2018): @jeremystretch: Apologies. I am not a decent enough coder to actually do that. I'll try to rephrase for more sanity. We are talking about taking, effectively, what is the "Recent Activity" feed and putting it out to a log (be it a file or SYSLOG). The change not currently there is also logging the API access(es). Specifically, instead of: `2018-01-30 14:09 | Modified device server515` The log line would contain: If modified via WebUI: `{"datetime":"2018-01-30T14:12:03-05:00", "user":"pm17788", "interface":"WebUI", "operation":"modify", "id":"dcim/devices/515", "data":{"name":"server515"}}` If modified via API: `{"datetime":"2018-01-30T14:12:03-05:00", "user":"pm17788", "interface":"API", "operation":"modify", "id":"dcim/devices/515", "data":{"name":"server515"}}` Basically, a full audit log of not only the operation performed, but what were the actual data items associated with the operation. If, for example, an Interface was created, then a full JSON of the data passed is what I'd expect in the logline. It (probably) doesn't make sense to store this sort of an audit trail in a database - long-term storage requirements get silly, but IFF feasible, having more detail in the Recent Activity log would make sense for, say, past 7 days. If I want longer retention, I get to setup separate logging. I hope this makes sense.

adam commented 2025-12-29 16:32:34 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Feb 1, 2018):

The UserAction stuff is slated to be overhauled entirely at some point (hopefully soon). #1127 has been open for a while now to convert it to use signals, but we need to go further than that. I might just expand that issue to cover this.

@jeremystretch commented on GitHub (Feb 1, 2018): The UserAction stuff is slated to be overhauled entirely at some point (hopefully soon). #1127 has been open for a while now to convert it to use signals, but we need to go further than that. I might just expand that issue to cover this.

adam commented 2025-12-29 16:32:34 +01:00

Author

Owner

Copy Link

@pm17788 commented on GitHub (Feb 1, 2018):

Cool! I would be quite willing to test, if that helps in any way.

@pm17788 commented on GitHub (Feb 1, 2018): Cool! I would be quite willing to test, if that helps in any way.

adam commented 2025-12-29 16:32:34 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Feb 20, 2018):

Folding this into #1898

@jeremystretch commented on GitHub (Feb 20, 2018): Folding this into #1898

adam referenced this issue 2025-12-29 22:20:19 +01:00

[PR #1537] [MERGED] Release v2.1.5 #12219

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#1507