Open for Voting

Kiwi Syslog Web Server - User Account Control Options To Control What Syslog Messages A Specific Web User Has The Right To View

Currently there is no way to control what Syslog messages a specific Kiwi Web Server user account can view, all web user accounts have access to

see the default filter which shows all incoming Syslog messages based on what the web interface is being sent from the Kiwi Syslogd service daemon.

There is no way to delete that default filter or turn it off so that users can't see everything. The only option in the Kiwi Web Server for filters is whether

a filter is public or not,  and sure a user can create their own filters that they control whether to make public or not, but that still doesn't prevent them

from being able to see all the messages from the default ALL filter.

So here is an example of the problem I'm trying to solve, I have two high security conscience customers (DOD Standards) that only want to see their

own Syslog messages in the Kiwi Web interface, and want to make sure that nobody else is viewing any of their Syslog data outside their organization.

I am pulling Syslog messages into Kiwi from multiple customers and only forwarding those messages to the Kiwi Web interface for those customers

that need access to view their Syslog messages via the web. The issue is that all Kiwi user accounts defined in the web interface can see ALL Syslog

incoming messages via the default public filter, I would like to be able to restrict a user account to only see a specific set of Syslog messages based on say

an IP address or subnet, or a regex match in the Syslog message text, or via a specific priority. This way multiple Kiwi web interface users can use the

same interface and only be able to see their own data instead of theirs and everyone else's as well.

Currently the only way I have found around this issue is to fire up multiple Kiwi Syslog Web Server instances and only send data to the Web Server

for one specific customer that only allows that one customer to use the one particular web server. This doesn't scale very well if I have to restrict

Syslog messages to a specific web server for several customers, as I would have to fire up separate Kiwi Web Server instances for each customer.

Maybe the easy fix is to allow turning off public for the default ALL filter, and then being able to assign specific Syslog filters that have been created to

a specific user account that only allows that user to view what is theirs.