MAAS events provide a detailed audit trail of changes to machines, users, and configuration settings within your MAAS environment. Events tagged with AUDIT capture this important history of modifications that have occurred over time.
Examining these audit events enables operators to understand who made changes, what was changed, and when changes occurred. This visibility facilitates troubleshooting, forensics, compliance, and oversight.
The maas CLI includes an events query command to retrieve MAAS events. To focus specifically on audit events, include the level=AUDIT filter:
maas $PROFILE events query level=AUDIT
Additional filters can be applied to restrict the event set. For example, to retrieve the 20 most recent audit events:
maas $PROFILE events query level=AUDIT limit=20 after=0
The default output format for events query is JSON. This allows piping the output into tools like jq for parsing and formatting:
maas $PROFILE events query level=AUDIT | jq -r '.events[] | {user, node, action}'
Alternatively, text processing utilities like grep, cut, sort, and sed can be used on the raw JSON output or text output from jq.
Audit event descriptions follow a consistent verb/noun format denoting the action performed:
For example:
Started testing on 'example-node'Marked 'old-node' brokenDeleted the machine 'retired-system'The most useful audit events track lifecycle changes on nodes managed by MAAS. These node events include:
User and Configuration Audit Events
Beyond node lifecycle changes, audit events also track:
Leveraging events query filters enables focused audits for specific nodes, users, or time periods.
For example, to see all events for a node:
maas $PROFILE events query hostname=my-node
Or to audit deletes performed by a user:
maas $PROFILE events query username=jane level=AUDIT | grep "Deleted "
Chaining filters and output processing streams facilitates efficient auditing workflows tailored to an operator's needs.
MAAS audit events provide a detailed history of changes over time. Querying and analyzing these events enables oversight, forensics, compliance, and troubleshooting. Operators can craft targeted audits combining CLI filters and output processing tools.