Hi Ruwan Did you had a look at XDAS format which is an audit logging format used in Identity Server.
Thanks & Regards Jo [1] http://openxdas.sourceforge.net/architecture.html On Thu, Feb 25, 2016 at 7:30 PM, Jenananthan Yogendran <[email protected] > wrote: > Hi , > > We have multiple tenant stores support , So we should log the tenant Id > of store where user perform actions. > i.e > {Time, SequenceId, UserId, tenantId of user, tenant Id of Store, Action, > Subject, optional(OldSubject), optional(NewSubject)} > > Thanks > > On Thu, Feb 25, 2016 at 4:09 PM, Sajith Ariyarathna <[email protected]> > wrote: > >> Hi All, >> >> What we need to log as audit log is, >>> {Time, SequenceId, UserId, Action, Subject, optional(OldSubject), >>> optional(NewSubject)} >>> >> IMO username is not enough for a audit log; including both username & >> tenant ID is a better approach. >> >> Thanks. >> >> On Thu, Feb 25, 2016 at 12:22 PM, Ruwan Abeykoon <[email protected]> wrote: >> >>> Hi All, >>> What we need to log as audit log is, >>> >>> {Time, SequenceId, UserId, Action, Subject, optional(OldSubject), >>> optional(NewSubject)} >>> >>> This will allow one to do audit trace on the question "Who did what on >>> which?" >>> >>> We will not log all the detail on the OldSubject or NewSubject. This >>> needs to be turned on in log configuration. >>> >>> e.g. If the log level is TRACE, we log all the detail in the Subjects, >>> but if the log level is INFO, we do not log the details. >>> >>> Our Audit log format will be JSON compatible. i.e. "key"="value". so >>> that it can be easily processed by tools like GREP,SED, CUT, AWK. >>> >>> Cheers, >>> Ruwan >>> >>> On Thu, Feb 25, 2016 at 11:37 AM, Visitha Wijesinghe <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> While implementing an audit logging mechanism for the App Manager we >>>> had two suggestions of solutions. >>>> >>>> First one is a conventional way to apply logs where the action is >>>> actually happening. In this approach main advantage is if the code >>>> changes we do not need to worry about the logs and they are clear, but the >>>> disadvantage is, it is hard to implement. To implement this we have to run >>>> through all the relevant locations in the App Manager code to find >>>> state changing places and log. This would take more effort initially. >>>> >>>> The second suggestion is a cross cutting approach which is to look at >>>> the problem as an aspect, here we write logs in one place by looking >>>> at the url pattern and decide what to write. The main advantage of >>>> this approach is, it is easy to implement. But if any url pattern change in >>>> the future we have to change it in the audit logs also. >>>> >>>> There are pros and cons of both approaches. we decided to follow the >>>> first approach. >>>> >>>> any feedbacks? >>>> >>>> >>>> >>>> -- >>>> >>>> *Visitha Wijesinghe* >>>> Software Engineer Intern. >>>> WSO2 Lanka (pvt) Ltd. >>>> >>>> Mobile - +94772617187 >>>> >>> >>> >>> >>> -- >>> >>> *Ruwan Abeykoon* >>> *Architect,* >>> *WSO2, Inc. http://wso2.com <http://wso2.com/> * >>> *lean.enterprise.middleware.* >>> >>> email: [email protected] >>> >> >> >> >> -- >> Sajith Ariyarathna >> Software Engineer; WSO2, Inc.; http://wso2.com/ >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Jenananthan Yogendran > *Software Engineer,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- -- *Joseph Fonseka* WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: +94 772 512 430 skype: jpfonseka * <http://lk.linkedin.com/in/rumeshbandara>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
