Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: audit logs #994

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: audit logs #994

wants to merge 1 commit into from

Conversation

Anirudhxx
Copy link
Contributor

Opening this PR so it makes it easier to discuss adding audit logs to parseable.

Fixes #765.

What kind of events do we want to capture?

  • Right now I am only tracking the Action events
  • Since these are accessible in the auth middleware I have sent the actual audit log post request in the auth middleware itself
  • This most likely add a performance penalty to our server and should be moved elsewhere (Looking for some suggestions)

Adding any other details to the audit log

  • Right now I am only capturing details like <action, ip address, request type>

This PR has:

  • been tested to ensure log ingestion and log query works.
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added documentation for new or modified features or behaviors.

@Anirudhxx @akshatagarwl
feat: audit logs
c455912 
Co-authored-by: Akshat Agarwal <[email protected]>
de-sh
de-sh reviewed Nov 19, 2024
View reviewed changes
server/src/cli.rs
pub audit_log_target_username: Option<String>,
pub audit_log_target_password: Option<String>,
pub audit_log_target_tls_verify: bool,
pub audit_log_target_headers: HashMap<String, String>,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could just as well be an http::HeaderMap

de-sh
de-sh reviewed Nov 19, 2024
View reviewed changes
server/src/handlers/http/middleware.rs
.get("user-agent")
.and_then(|value| value.to_str().ok())
.unwrap_or("unknown"),
"id": "user123"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this hardcoded, and what is the intention behind using user-agent as type?

server/src/handlers/http/middleware.rs
.unwrap_or("unknown"),
"id": "user123"
},
"ip-address":&req
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you intending to use the addr of the client?

server/src/handlers/http/middleware.rs
@@ -164,6 +171,31 @@ where
/* ## Section end */

let auth_result: Result<_, Error> = (self.auth_method)(&mut req, self.action);
let body = json!([
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will work on the Schema, will get back to you in a week's time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@de-sh de-sh de-sh left review comments

@nikhilsinhaparseable nikhilsinhaparseable Awaiting requested review from nikhilsinhaparseable

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: audit logging for Parseable
2 participants
@Anirudhxx @de-sh