feat: audit logs #994
Co-authored-by: Akshat Agarwal <[email protected]>
pub audit_log_target_username: Option<String>, | ||
pub audit_log_target_password: Option<String>, | ||
pub audit_log_target_tls_verify: bool, | ||
pub audit_log_target_headers: HashMap<String, String>, |
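Review bot: audit_log_target_password is held as a plain Option<String> alongside the other target options, so any Debug print or configuration dump of this struct would expose the audit target's credential; wrap it in a type whose Debug output is redacted, or keep the field out of any logged representation. The same care applies to audit_log_target_headers if it is used to carry an Authorization value. The hunk does not show a default for audit_log_target_tls_verify; it should default to true so that certificate verification is only ever turned off explicitly.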
This could just as well be an http::HeaderMap after collection from the CLI args
.get("user-agent") | ||
.and_then(|value| value.to_str().ok()) | ||
.unwrap_or("unknown"), | ||
"id": "user123" |
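Review bot: the "id": "user123" line records a literal actor id, so every audit entry would be attributed to the same identity regardless of who made the request; take the id from the authenticated user of the request instead. The value just above it comes from the client-supplied user-agent header and falls back to "unknown", so it is better stored as descriptive request metadata than as something that identifies or classifies the actor.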
Why is this hardcoded, and what is the intention behind using user-agent as type?
.unwrap_or("unknown"), | ||
"id": "user123" | ||
}, | ||
"ip-address":&req |
Are you intending to use the addr of the client?
@@ -164,6 +171,31 @@ where | |||
/* ## Section end */ | |||
|
|||
let auth_result: Result<_, Error> = (self.auth_method)(&mut req, self.action); | |||
let body = json!([ |
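Review bot: the audit body is started on the line right after auth_result is computed, and the visible lines do not show whether the outcome held in auth_result ends up in the entry. Record whether authorization succeeded or failed, since denied requests are the entries an audit trail is most often consulted for, and keep delivery of the entry off the request's critical path so a slow audit target cannot stall request handling.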
I will work on the Schema, will get back to you in a week's time
Hey @de-sh, just following up. Did you get a chance to work on this?
Hey, sorry that this got lost, here is what I was able to come up with and Nitish has updated:
```json
{
  "version": "1",
  "deploymentID": "String: uuid",
  "auditID": "String: uuid",
  "timestamp": "String: Datetime",
  "stream": "String",
  "actor": {
    "remoteHost": "127.0.0.1",
    "userAgent": "String",
    "userName": "String: username",
    "authorizationMethod": "Enum: basic/oauth/jwt"
  },
  "request": {
    "method": "Enum: POST/GET/PUT",
    "path": "String",
    "host": "String",
    "protocol": "Enum: kafka/http/https",
    "headers": {
      "key": "value"
    }
  },
  "response": {
    "statusCode": "int"
  }
}
```
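The schema above records request headers and lists basic authorization as a method, so whatever produces these records has to keep credential headers out of the audit stream. The following is an added example, not code from this PR or from Parseable, showing one way to do that; the sensitive-header list, function names and sample request are assumptions.

```rust
use std::collections::BTreeMap;

// Header names treated as credentials (assumed list, extend for your deployment).
const SENSITIVE: [&str; 4] = ["authorization", "proxy-authorization", "cookie", "x-api-key"];

/// Build the `request.headers` map of the audit record, replacing
/// credential-bearing values so they never reach the audit stream.
pub fn audit_headers<'a, I>(headers: I) -> BTreeMap<String, String>
where
    I: IntoIterator<Item = (&'a str, &'a str)>,
{
    headers
        .into_iter()
        .map(|(name, value)| {
            let key = name.to_ascii_lowercase(); // header names are case-insensitive
            let shown = if SENSITIVE.contains(&key.as_str()) { "[REDACTED]" } else { value };
            (key, shown.to_string())
        })
        .collect()
}

/// Minimal JSON string escaping for the values written below.
fn esc(s: &str) -> String {
    let mut out = String::new();
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Render method, path and headers as the `request` object of the schema.
pub fn request_json(method: &str, path: &str, headers: &BTreeMap<String, String>) -> String {
    let hdrs: Vec<String> =
        headers.iter().map(|(k, v)| format!("\"{}\":\"{}\"", esc(k), esc(v))).collect();
    format!("{{\"method\":\"{}\",\"path\":\"{}\",\"headers\":{{{}}}}}", esc(method), esc(path), hdrs.join(","))
}

fn main() {
    // Constructed sample request; the credential value is made up.
    let h = audit_headers(vec![("Authorization", "Basic ZXhhbXBsZTpleGFtcGxl"), ("User-Agent", "curl/8.0")]);
    println!("{}", request_json("POST", "/example", &h));
}
```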
I feel like the right way to do this would involve a dedicated thread that handles the serialization and
@de-sh I'll implement an audit macro and replace it with the current reqwest code and create a new tracing subscriber which will look for these audit spans and send the audit log to the relevant parseable server. lmk if this works?
@de-sh can we add below data points in the ingestion handler -
if we send this to a stream on a different Parseable instance, we can at least verify if request reached Parseable server and it responded with 200 OK or did it reject.
@Anirudhxx do let us know if you are going to continue or abandon this PR
@de-sh I will work on this today.
hey @Anirudhxx this is needed for a production deployment, so we've been working on this in parallel. Closing this due to no response. Thank you for the effort, unfortunately we couldn't get this in.
Opening this PR so it makes it easier to discuss adding audit logs to parseable.
Fixes #765.
What kind of events do we want to capture?
Adding any other details to the audit log
This PR has: