Hi Megala,

For improving the search friendliness, are you defining a new format for
the audit log entry ?

Currently we have following format.

<Initiator> | <Action> | <Target> | <Data> | <Result>

Eg: INFO {AUDIT_LOG}-  Initiator : admin@carbon.super | Action : Add User |
Target : newuser | Data : { Roles : } | Result : Success

In OWASP Top 10 list of vulnerabilities for 2017 [1], "Logging &
Monitoring" is newly introduced due to it's importance.

You can refer [2] for more information on this and accommodate the
recommendations in your improvements.

[1] https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf
[2] https://www.owasp.org/index.php/Logging_Cheat_Sheet

Regards,
TharinduE

On Tue, Mar 13, 2018 at 4:03 PM, Megala Uthayakumar <meg...@wso2.com> wrote:

> Hi All,
>
> I am working on improving audit logs related with user management tasks.
> Currently we have audit logs upto some extent, however it could be further
> improved. So in this improvement I will focusing on following tasks
>
>    1. Modifying the current audit logs, so that they will give better
>    information regarding the user management tasks done by a user.
>    2. Focusing on search friendly logs, which the search based on a regex
>    will return the relevant results expected by the server admin.
>    3. Currently we have not implemented some methods from
>    AbstractUserOperationEventListener in UserMgtAuditLogger[1], the event
>    listener for logging audit logs related with user management. So will be
>    focusing on implementing the other relevant methods to add the meaningful
>    audit logs.
>    4. Focusing on solving the issues that are reported already related
>    with user-mgt related audit logs[2].
>
> I have created a user story doc for this improvement[3] . Appreciate your
> comments and suggestions on this to further improve the audit logs related
> with user management.
>
> [1] https://github.com/wso2/carbon-identity-framework/
> blob/5.11.x/components/user-mgt/org.wso2.carbon.user.mgt/
> src/main/java/org/wso2/carbon/user/mgt/listeners/UserMgtAuditLogger.java
> [2] https://github.com/wso2/product-is/issues?utf8=%E2%9C%
> 93&q=is%3Aissue+is%3Aopen+audit
> [3] https://docs.google.com/document/d/1Ls0VuLsJaQtQAPgR3NkwtrcbFUvVZ
> uPW_gXA7bV5mmo/edit?usp=sharing
>
> Thanks.
>
> Regards,
> Megala
> --
> Megala Uthayakumar
>
> Senior Software Engineer
> Mobile : 0779967122
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to