MDC helps with capturing the information at relevant places, such as at log-in time, and using that information later on when an auditable action is done.
Then, we can capture this information using a logging appender and send it to an audit log file. We can also write a custom logging appender to communicate with an XDAS implementation. With a logging appender, we can decouple the dependency on the XDAS implementation.

I checked XDAS implementations, and found OpenXDAS [1]. Not sure how active the community is though. The last release seems to be in 2009.

[1] https://sourceforge.net/projects/openxdas/

On Tue, May 3, 2016 at 10:41 AM, Srinath Perera <[email protected]> wrote:

> +1 for doing this and using XDAS and then adding analytics based on this
> to security analytics
>
> Correlation like Prabath mentioned, we can do at DAS
>
> --Srinath
>
> On Tue, May 3, 2016 at 3:22 AM, Prabath Siriwardana <[email protected]>
> wrote:
>
>> I guess one more thing we miss in C4 logs is - how to correlate all the
>> logs related to a given message that enters the server.
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Thu, Apr 28, 2016 at 1:39 AM, Sameera Jayasoma <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> Audit logs or audit trails contain a set of log entries which describe a
>>> sequence of actions which have occurred over a time period. From audit
>>> logs, it is possible to trace all the actions of a single user or all the
>>> actions or changes introduced to a certain module in the system etc. E.g.
>>> it captures all the actions of a single user from the point he logs in to
>>> the application.
>>>
>>> In previous versions of the Carbon platform, we only had a logger called
>>> AUDIT and a separate appender which appends audit logs to a separate log
>>> file.
>>>
>>> The only drawback of this approach is that we don't have a proper way to
>>> capture contextual information. In each and every audit log, we need to
>>> capture logged-in user details, IP address of the client etc. In the previous
>>> approach developers have to log this information with each and every audit
>>> log attempt.
>>>
>>> This is suboptimal IMO, we need to implement a mechanism where
>>> developers give only the log message and the system should append all the
>>> other information to the log. I see a few ways to implement this.
>>>
>>> 1) Write a custom appender which writes audit logs to the file with
>>> contextual information.
>>> 2) Provide an API to log audit logs.
>>>
>>> We can extract contextual information from the CarbonContext in both of
>>> these methods.
>>>
>>> Any thoughts?
>>>
>>> Thanks,
>>> Sameera.
>>>
>>> --
>>> Sameera Jayasoma,
>>> Software Architect,
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: [email protected]
>>> blog: http://blog.sameera.org
>>> twitter: https://twitter.com/sameerajayasoma
>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>> Mobile: 0094776364456
>>>
>>> Lean . Enterprise . Middleware
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +1 650 625 7950
>>
>> http://blog.facilelogin.com
>> http://blog.api-security.org
>
> --
> ============================
> Blog: http://srinathsview.blogspot.com twitter:@srinath_perera
> Site: http://home.apache.org/~hemapani/
> Photos: http://www.flickr.com/photos/hemapani/
> Phone: 0772360902
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
*Kasun Gajasinghe*
Senior Software Engineer, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org
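A sketch of the MDC approach described in the message above, added here as an illustration and not code from the thread or from Carbon. It assumes SLF4J with a binding that supports MDC (Logback or Log4j); the class, method and MDC key names are hypothetical.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

public class AuditMdcExample {
    // "AUDIT" is the logger name mentioned in the thread. Route it to its own
    // appender whose layout prints the context, for example the pattern
    //   %d [%X{user}] [%X{remoteAddr}] %m%n
    private static final Logger AUDIT = LoggerFactory.getLogger("AUDIT");

    // Replace CR/LF so a client-supplied value cannot forge extra audit lines.
    static String clean(String value) {
        return value == null ? "unknown" : value.replaceAll("[\\r\\n]", "_");
    }

    // Hypothetical request entry point: the context is captured once, after
    // authentication, and is visible to every audit call made on this thread.
    static void handleRequest(String user, String remoteAddr, Runnable action) {
        MDC.put("user", clean(user));
        MDC.put("remoteAddr", clean(remoteAddr));
        try {
            action.run();
        } finally {
            // Worker threads are pooled: remove the keys so the next request
            // on this thread is not audited under the previous user's identity.
            MDC.remove("user");
            MDC.remove("remoteAddr");
        }
    }

    // Business code supplies only the message; user and address come from MDC.
    static void deleteTenant(String tenantId) {
        AUDIT.info("Deleted tenant {}", clean(tenantId));
    }

    public static void main(String[] args) {
        // Constructed sample values (documentation IP range).
        handleRequest("alice", "192.0.2.10", () -> deleteTenant("t-42"));
        // A user name carrying a newline is neutralised before it is logged.
        handleRequest("bob\nforged entry", "192.0.2.11", () -> deleteTenant("t-43"));
    }
}
```

MDC is per thread, so work handed to another thread or executor does not see these values unless the context map is copied across explicitly.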
