There are some recommendations related to GDPR and it would be great if we can search little bit. Then we can figure out what we need to do additionally support GDPR requirements. Log access to personal data is something everyone discuss these days. As recommended every read operation on a personal data record should be logged, so that user/admin know who accessed what and for what purpose.
Sagara, Ruwan may provide better guidance. Thanks, sanjeewa. On Wed, Mar 14, 2018 at 9:26 AM, Megala Uthayakumar <[email protected]> wrote: > Hi Tharindu, > > Thanks for the response. I think we could define a new format, given that > it improves the search based on logs. I will go through provided docs. > > Thanks. > > Regards, > Megala > > On Tue, Mar 13, 2018 at 5:19 PM, Tharindu Edirisinghe <[email protected]> > wrote: > >> Hi Megala, >> >> For improving the search friendliness, are you defining a new format for >> the audit log entry ? >> >> Currently we have following format. >> >> <Initiator> | <Action> | <Target> | <Data> | <Result> >> >> Eg: INFO {AUDIT_LOG}- Initiator : [email protected] | Action : Add >> User | Target : newuser | Data : { Roles : } | Result : Success >> >> In OWASP Top 10 list of vulnerabilities for 2017 [1], "Logging & >> Monitoring" is newly introduced due to it's importance. >> >> You can refer [2] for more information on this and accommodate the >> recommendations in your improvements. >> >> [1] https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf >> [2] https://www.owasp.org/index.php/Logging_Cheat_Sheet >> >> Regards, >> TharinduE >> >> On Tue, Mar 13, 2018 at 4:03 PM, Megala Uthayakumar <[email protected]> >> wrote: >> >>> Hi All, >>> >>> I am working on improving audit logs related with user management tasks. >>> Currently we have audit logs upto some extent, however it could be further >>> improved. So in this improvement I will focusing on following tasks >>> >>> 1. Modifying the current audit logs, so that they will give better >>> information regarding the user management tasks done by a user. >>> 2. Focusing on search friendly logs, which the search based on a >>> regex will return the relevant results expected by the server admin. >>> 3. Currently we have not implemented some methods >>> from AbstractUserOperationEventListener in UserMgtAuditLogger[1], >>> the event listener for logging audit logs related with user management. >>> So >>> will be focusing on implementing the other relevant methods to add the >>> meaningful audit logs. >>> 4. Focusing on solving the issues that are reported already related >>> with user-mgt related audit logs[2]. >>> >>> I have created a user story doc for this improvement[3] . Appreciate >>> your comments and suggestions on this to further improve the audit logs >>> related with user management. >>> >>> [1] https://github.com/wso2/carbon-identity-framework/blob/5 >>> .11.x/components/user-mgt/org.wso2.carbon.user.mgt/src/main/ >>> java/org/wso2/carbon/user/mgt/listeners/UserMgtAuditLogger.java >>> [2] https://github.com/wso2/product-is/issues?utf8=%E2%9C%93 >>> &q=is%3Aissue+is%3Aopen+audit >>> [3] https://docs.google.com/document/d/1Ls0VuLsJaQtQAPgR3Nkw >>> trcbFUvVZuPW_gXA7bV5mmo/edit?usp=sharing >>> >>> Thanks. >>> >>> Regards, >>> Megala >>> -- >>> Megala Uthayakumar >>> >>> Senior Software Engineer >>> Mobile : 0779967122 <077%20996%207122> >>> >> >> >> >> -- >> >> Tharindu Edirisinghe >> Senior Software Engineer | WSO2 Inc >> Platform Security Team >> Blog : http://tharindue.blogspot.com >> mobile : +94 775181586 <+94%2077%20518%201586> >> > > > > -- > Megala Uthayakumar > > Senior Software Engineer > Mobile : 0779967122 <077%20996%207122> > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
