We had an offline discussion on what needs to be logged for auditing purposes
in the C5 kernel. It seems the only thing that needs to be logged is the user
name of the Principal when it gets set to the PrivilegedCarbonContext.
Therefore, we have added that into the MDC.

To audit, the devs may use the org.wso2.carbon.kernel.Constants.AUDIT instance,
which is a special logger with the name "AUDIT_LOG". The test cases show how
it's been used. Right now, this goes into a log file named audit.log. The
commits of the PR are at [1].

Next, we need to write a log4j appender for XDAS to publish the audit logs
to the distributed audit service. For that, we need to discuss the best
place to maintain it, and whether it needs to come from Kernel.

[1]
https://github.com/wso2/carbon-kernel/commit/e77f7f972c90e378ad00f44ce9228fea98e2ca2b


On Tue, May 3, 2016 at 5:48 PM, KasunG Gajasinghe <[email protected]> wrote:

>
> MDC helps with capturing the information at relevant places such as at
> log-in time, and use that information later on when an auditable action is
> done.
>
> Then, we can capture this information using a logging appender and send it
> to an audit log file. We can also write a custom logging appender to
> communicate with an XDAS implementation. With a logging appender, we can
> decouple the dependency on the XDAS implementation.
>
> I checked XDAS implementations, and found OpenXDAS [1]. Not sure how
> active the community is though. The last release seems to be in 2009.
>
> [1] https://sourceforge.net/projects/openxdas/
>
> On Tue, May 3, 2016 at 10:41 AM, Srinath Perera <[email protected]> wrote:
>
>> +1 for doing this and using XDAS and then adding analytics based on this
>> to security analytics
>>
>> Correlation like Prabath mentioned, we can do at DAS
>>
>> --Srinath
>>
>> On Tue, May 3, 2016 at 3:22 AM, Prabath Siriwardana <[email protected]>
>> wrote:
>>
>>> I guess one more thing we miss in C4 logs is how to correlate all the
>>> logs related to a given message that enters the server.
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>> On Thu, Apr 28, 2016 at 1:39 AM, Sameera Jayasoma <[email protected]>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Audit logs or audit trails contain a set of log entries which describe a
>>>> sequence of actions which have occurred over a time period. From audit
>>>> logs, it is possible to trace all the actions of a single user or all the
>>>> actions or changes introduced to a certain module in the system etc. E.g.
>>>> it captures all the actions of a single user from the point he logs in to
>>>> the application.
>>>>
>>>> In previous versions of the Carbon platform, we only had a logger
>>>> called AUDIT and a separate appender which appends audit logs to a separate
>>>> log file.
>>>>
>>>> The only drawback of this approach is that we don't have a proper way
>>>> to capture contextual information. In each and every audit log, we need to
>>>> capture logged-in user details, IP address of the client etc. In the previous
>>>> approach developers have to log this information with each and every audit
>>>> log attempt. This is suboptimal IMO; we need to implement a mechanism where
>>>> developers give only the log message and the system should append all the
>>>> other information to the log. I see a few ways to implement this.
>>>>
>>>> 1) Write a custom appender which writes audit logs to the file with
>>>> contextual information.
>>>> 2) Provide an API to log audit logs. We can extract contextual information
>>>> from the CarbonContext in both of these methods.
>>>>
>>>> Any thoughts?
>>>>
>>>> Thanks,
>>>> Sameera.
>>>>
>>>> --
>>>> Sameera Jayasoma,
>>>> Software Architect,
>>>>
>>>> WSO2, Inc. (http://wso2.com)
>>>> email: [email protected]
>>>> blog: http://blog.sameera.org
>>>> twitter: https://twitter.com/sameerajayasoma
>>>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>>>> Mobile: 0094776364456
>>>>
>>>> Lean . Enterprise . Middleware
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Twitter : @prabath
>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>
>>> Mobile : +1 650 625 7950
>>>
>>> http://blog.facilelogin.com
>>> http://blog.api-security.org
>>>
>>
>>
>>
>> --
>> ============================
>> Blog: http://srinathsview.blogspot.com twitter:@srinath_perera
>> Site: http://home.apache.org/~hemapani/
>> Photos: http://www.flickr.com/photos/hemapani/
>> Phone: 0772360902
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
>
> *Kasun Gajasinghe*
> Senior Software Engineer, WSO2 Inc.
> email: kasung AT spamfree wso2.com
> linked-in: http://lk.linkedin.com/in/gajasinghe
> blog: http://kasunbg.org
>
>
>



-- 

*Kasun Gajasinghe*
Senior Software Engineer, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org
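
Added example, not part of the original thread or of the carbon-kernel code: a sketch of the MDC-based audit logging discussed above, showing why the user name put into the MDC must be removed when the request ends, since MDC values are per-thread and worker threads are reused. It assumes the SLF4J API with an MDC-capable binding (log4j or logback); the MDC key "user-name", the class name and the sample users and actions are hypothetical, and the local AUDIT logger stands in for org.wso2.carbon.kernel.Constants.AUDIT.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class AuditMdcExample {
    // Stand-in for org.wso2.carbon.kernel.Constants.AUDIT (logger named "AUDIT_LOG").
    private static final Logger AUDIT = LoggerFactory.getLogger("AUDIT_LOG");
    // Assumed MDC key; the key the kernel actually uses is not stated in the thread.
    private static final String USER_KEY = "user-name";

    // Unsafe: the user name stays attached to the pooled worker thread afterwards.
    static void handleLeaky(String user, String action) {
        MDC.put(USER_KEY, user);
        AUDIT.info(action); // developer supplies only the message; the appender adds the user
    }

    // Safe: the identity is removed as soon as the request is finished.
    static void handleScoped(String user, String action) {
        MDC.put(USER_KEY, user);
        try {
            AUDIT.info(action);
        } finally {
            MDC.remove(USER_KEY);
        }
    }

    // Work with no authenticated principal; returns the user its audit line would carry.
    static String unauthenticatedWork() {
        AUDIT.info("Scheduled cleanup ran");
        return MDC.get(USER_KEY);
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one reused worker thread
        Callable<String> probe = AuditMdcExample::unauthenticatedWork;
        // Constructed sample requests.
        pool.submit(() -> handleLeaky("alice", "Deleted application 'orders'")).get();
        System.out.println("user seen after leaky handler:  " + pool.submit(probe).get());
        pool.submit(() -> handleScoped("bob", "Updated role 'admin'")).get();
        System.out.println("user seen after scoped handler: " + pool.submit(probe).get());
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
    }
}
```

With an appender pattern that includes `%X{user-name}`, the cleanup entry logged after the leaky handler is attributed to the previous request's user, which makes the audit trail misleading; after the scoped handler the field is empty.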