Hi Joe, On Tue, Mar 1, 2016 at 12:57 AM, Joseph Fonseka <[email protected]> wrote:
> Hi Ruwan > > Did you had a look at XDAS format which is an audit logging format used in > Identity Server. > Thanks for bringing this in. I don't think we checked on this. If it's the XDAS defined format we should adhere to WSO2 audit logs, we will change AppM log format too. Regards, Dinusha. > > Thanks & Regards > Jo > > > [1] http://openxdas.sourceforge.net/architecture.html > > On Thu, Feb 25, 2016 at 7:30 PM, Jenananthan Yogendran < > [email protected]> wrote: > >> Hi , >> >> We have multiple tenant stores support , So we should log the tenant Id >> of store where user perform actions. >> i.e >> {Time, SequenceId, UserId, tenantId of user, tenant Id of Store, Action, >> Subject, optional(OldSubject), optional(NewSubject)} >> >> Thanks >> >> On Thu, Feb 25, 2016 at 4:09 PM, Sajith Ariyarathna <[email protected]> >> wrote: >> >>> Hi All, >>> >>> What we need to log as audit log is, >>>> {Time, SequenceId, UserId, Action, Subject, optional(OldSubject), >>>> optional(NewSubject)} >>>> >>> IMO username is not enough for a audit log; including both username & >>> tenant ID is a better approach. >>> >>> Thanks. >>> >>> On Thu, Feb 25, 2016 at 12:22 PM, Ruwan Abeykoon <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> What we need to log as audit log is, >>>> >>>> {Time, SequenceId, UserId, Action, Subject, optional(OldSubject), >>>> optional(NewSubject)} >>>> >>>> This will allow one to do audit trace on the question "Who did what on >>>> which?" >>>> >>>> We will not log all the detail on the OldSubject or NewSubject. This >>>> needs to be turned on in log configuration. >>>> >>>> e.g. If the log level is TRACE, we log all the detail in the Subjects, >>>> but if the log level is INFO, we do not log the details. >>>> >>>> Our Audit log format will be JSON compatible. i.e. "key"="value". so >>>> that it can be easily processed by tools like GREP,SED, CUT, AWK. >>>> >>>> Cheers, >>>> Ruwan >>>> >>>> On Thu, Feb 25, 2016 at 11:37 AM, Visitha Wijesinghe <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> While implementing an audit logging mechanism for the App Manager we >>>>> had two suggestions of solutions. >>>>> >>>>> First one is a conventional way to apply logs where the action is >>>>> actually happening. In this approach main advantage is if the code >>>>> changes we do not need to worry about the logs and they are clear, but the >>>>> disadvantage is, it is hard to implement. To implement this we have to run >>>>> through all the relevant locations in the App Manager code to find >>>>> state changing places and log. This would take more effort >>>>> initially. >>>>> >>>>> The second suggestion is a cross cutting approach which is to look at >>>>> the problem as an aspect, here we write logs in one place by looking >>>>> at the url pattern and decide what to write. The main advantage of >>>>> this approach is, it is easy to implement. But if any url pattern change >>>>> in >>>>> the future we have to change it in the audit logs also. >>>>> >>>>> There are pros and cons of both approaches. we decided to follow the >>>>> first approach. >>>>> >>>>> any feedbacks? >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> *Visitha Wijesinghe* >>>>> Software Engineer Intern. >>>>> WSO2 Lanka (pvt) Ltd. >>>>> >>>>> Mobile - +94772617187 >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Ruwan Abeykoon* >>>> *Architect,* >>>> *WSO2, Inc. http://wso2.com <http://wso2.com/> * >>>> *lean.enterprise.middleware.* >>>> >>>> email: [email protected] >>>> >>> >>> >>> >>> -- >>> Sajith Ariyarathna >>> Software Engineer; WSO2, Inc.; http://wso2.com/ >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Jenananthan Yogendran >> *Software Engineer,* >> *WSO2 inc., http://wso2.com <http://wso2.com>* >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > > -- > *Joseph Fonseka* > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: +94 772 512 430 > skype: jpfonseka > > * <http://lk.linkedin.com/in/rumeshbandara>* > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Dinusha Dilrukshi Associate Technical Lead WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
