Hi All,

> What we need to log as audit log is,
> {Time, SequenceId, UserId, Action, Subject, optional(OldSubject),
> optional(NewSubject)}
>
IMO username is not enough for an audit log; including both username &
tenant ID is a better approach.

Thanks.

On Thu, Feb 25, 2016 at 12:22 PM, Ruwan Abeykoon <[email protected]> wrote:

> Hi All,
> What we need to log as audit log is,
>
> {Time, SequenceId, UserId, Action, Subject, optional(OldSubject),
> optional(NewSubject)}
>
> This will allow one to do audit trace on the question "Who did what on
> which?"
>
> We will not log all the detail on the OldSubject or NewSubject. This needs
> to be turned on in log configuration.
>
> e.g. If the log level is TRACE, we log all the detail in the Subjects, but
> if the log level is INFO, we do not log the details.
>
> Our Audit log format will be JSON compatible, i.e. "key"="value", so that
> it can be easily processed by tools like GREP, SED, CUT, AWK.
>
> Cheers,
> Ruwan
>
> On Thu, Feb 25, 2016 at 11:37 AM, Visitha Wijesinghe <[email protected]>
> wrote:
>
>> Hi,
>>
>> While implementing an audit logging mechanism for the App Manager we had
>> two suggestions of solutions.
>>
>> The first one is a conventional way to apply logs where the action is
>> actually happening. In this approach the main advantage is that if the code
>> changes we do not need to worry about the logs and they are clear, but the
>> disadvantage is that it is hard to implement. To implement this we have to run
>> through all the relevant locations in the App Manager code to find state
>> changing places and log. This would take more effort initially.
>>
>> The second suggestion is a cross-cutting approach, which is to look at the
>> problem as an aspect; here we write logs in one place by looking at the
>> URL pattern and decide what to write. The main advantage of this
>> approach is that it is easy to implement. But if any URL pattern changes in the
>> future we have to change it in the audit logs also.
>>
>> There are pros and cons of both approaches. We decided to follow the
>> first approach.
>>
>> Any feedback?
>>
>>
>>
>> --
>>
>> *Visitha Wijesinghe*
>> Software Engineer Intern.
>> WSO2 Lanka (pvt) Ltd.
>>
>> Mobile - +94772617187
>>
>
>
>
> --
>
> *Ruwan Abeykoon*
> *Architect,*
> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
> *lean.enterprise.middleware.*
>
> email: [email protected]
>



-- 
Sajith Ariyarathna
Software Engineer; WSO2, Inc.;  http://wso2.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
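
An added example, not part of the thread and not WSO2 code: a sketch of the record format discussed above, with the tenant ID included and OldSubject/NewSubject emitted only when detail is enabled. The function names, the `TenantId` key, the `detail` flag (standing in for the TRACE level) and the sample values are assumptions; values are escaped so that user-controlled text cannot break a record into a second, forged line.

```python
import itertools
import json
import re
from datetime import datetime, timezone

_seq = itertools.count(1)  # SequenceId: a gap reveals a dropped or deleted record
_PAIR = re.compile(r'"(\w+)"=("(?:[^"\\]|\\.)*")')  # one "key"="value" pair


def format_audit(user_id, tenant_id, action, subject,
                 old_subject=None, new_subject=None, detail=False, now=None):
    """Return one audit record as a single line of "key"="value" pairs."""
    now = now or datetime.now(timezone.utc)
    fields = [
        ("Time", now.isoformat()),
        ("SequenceId", str(next(_seq))),
        ("UserId", user_id),
        ("TenantId", tenant_id),  # assumed key name for the tenant ID
        ("Action", action),
        ("Subject", subject),
    ]
    if detail:  # subject detail is opt-in, as proposed for TRACE vs INFO
        if old_subject is not None:
            fields.append(("OldSubject", old_subject))
        if new_subject is not None:
            fields.append(("NewSubject", new_subject))
    # json.dumps escapes quotes, backslashes and control characters, so a
    # value containing a newline stays inside its own quoted string.
    return " ".join(f'"{k}"={json.dumps(str(v))}' for k, v in fields)


def parse_audit(line):
    """Read a record back into a dict; escaped quotes never end a value."""
    return {k: json.loads(v) for k, v in _PAIR.findall(line)}


if __name__ == "__main__":
    # Constructed sample: an app name that tries to smuggle in a second record.
    hostile = 'app1"\n"UserId"="admin" "Action"="delete'
    line = format_audit("alice", "tenant-a.example", "update", hostile,
                        old_subject="v1", new_subject="v2", detail=True)
    print(line)
    print(parse_audit(line)["UserId"])
```
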
