Hi Tharindu,

I believe we can stick to the same format of <Initiator> | <Action> | <Target> | <Data> | <Result>
because in that format we can include the same required results that Megala wants.

thanks,
Dimuthu

On Wed, Mar 14, 2018 at 5:47 PM, Megala Uthayakumar <[email protected]> wrote:
> Hi Sanjeewa/Tharindu and all,
>
> I have done some reading on this area and have come up with the doc based
> on guidelines.
> Following is the summary based on my reading,
>
> GDPR does not directly mention the recommendations related with logging
> and monitoring. However, based on various points given under the
> regulations, we could derive some of the important guidelines that need to
> be followed while doing audit logging. Most of OWASP's guidelines for
> logging and monitoring agree with the logging and monitoring requirements
> for GDPR. Following are some of the most important points while doing the
> auditing.
>
> 1. Audit logs should have the details of modifications and retrieval
> tasks done on personal data. We may have different log levels for this. For
> modification, we could give higher severity and for retrieval, we could
> give lower severity.
> 2. Each audit log should include who, where, whom and what
>
> Based on this, following are the most important improvements that need to be
> included.
>
> - Need to introduce logs for all the modification and viewing purposes.
> Importantly, we need to log all the activities related with the users who
> have administrator privileges.
> - Need to decide on introducing different severity levels for audit
> logs
> - Make sure that each log entry includes who, where, why and what.
>
> As a starting point, I will be investigating the feasibility of improving
> the current UserAuditLogger to accommodate all these improvements. Appreciate
> your suggestions on this.
>
> [1] https://docs.google.com/document/d/1hVewKDQ_-vhnkYX1ChC6lIBoEfuC-E2r43Tbd6eZL4g/edit?usp=sharing
>
> Thanks,
>
> Regards,
> Megala
>
> On Wed, Mar 14, 2018 at 9:35 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>
>> There are some recommendations related to GDPR and it would be great if
>> we can search a little bit. Then we can figure out what we need to do
>> additionally to support GDPR requirements. Logging access to personal data is
>> something everyone discusses these days. As recommended, every read operation
>> on a personal data record should be logged, so that the user/admin knows who
>> accessed what and for what purpose.
>>
>> Sagara, Ruwan may provide better guidance.
>>
>> Thanks,
>> sanjeewa.
>>
>> On Wed, Mar 14, 2018 at 9:26 AM, Megala Uthayakumar <[email protected]> wrote:
>>
>>> Hi Tharindu,
>>>
>>> Thanks for the response. I think we could define a new format, given
>>> that it improves the search based on logs. I will go through the provided docs.
>>>
>>> Thanks.
>>>
>>> Regards,
>>> Megala
>>>
>>> On Tue, Mar 13, 2018 at 5:19 PM, Tharindu Edirisinghe <[email protected]> wrote:
>>>
>>>> Hi Megala,
>>>>
>>>> For improving the search friendliness, are you defining a new format
>>>> for the audit log entry?
>>>>
>>>> Currently we have the following format.
>>>>
>>>> <Initiator> | <Action> | <Target> | <Data> | <Result>
>>>>
>>>> Eg: INFO {AUDIT_LOG}- Initiator : [email protected] | Action : Add
>>>> User | Target : newuser | Data : { Roles : } | Result : Success
>>>>
>>>> In the OWASP Top 10 list of vulnerabilities for 2017 [1], "Logging &
>>>> Monitoring" is newly introduced due to its importance.
>>>>
>>>> You can refer to [2] for more information on this and accommodate the
>>>> recommendations in your improvements.
>>>>
>>>> [1] https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf
>>>> [2] https://www.owasp.org/index.php/Logging_Cheat_Sheet
>>>>
>>>> Regards,
>>>> TharinduE
>>>>
>>>> On Tue, Mar 13, 2018 at 4:03 PM, Megala Uthayakumar <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I am working on improving audit logs related with user management
>>>>> tasks. Currently we have audit logs up to some extent, however they could be
>>>>> further improved. So in this improvement I will be focusing on the following
>>>>> tasks:
>>>>>
>>>>> 1. Modifying the current audit logs, so that they will give better
>>>>> information regarding the user management tasks done by a user.
>>>>> 2. Focusing on search friendly logs, where a search based on a
>>>>> regex will return the relevant results expected by the server admin.
>>>>> 3. Currently we have not implemented some methods
>>>>> from AbstractUserOperationEventListener in UserMgtAuditLogger [1],
>>>>> the event listener for logging audit logs related with user
>>>>> management. So I will be focusing on implementing the other relevant
>>>>> methods to add meaningful audit logs.
>>>>> 4. Focusing on solving the issues that are reported already
>>>>> related with user-mgt related audit logs [2].
>>>>>
>>>>> I have created a user story doc for this improvement [3]. Appreciate
>>>>> your comments and suggestions on this to further improve the audit logs
>>>>> related with user management.
>>>>>
>>>>> [1] https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/user-mgt/org.wso2.carbon.user.mgt/src/main/java/org/wso2/carbon/user/mgt/listeners/UserMgtAuditLogger.java
>>>>> [2] https://github.com/wso2/product-is/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+audit
>>>>> [3] https://docs.google.com/document/d/1Ls0VuLsJaQtQAPgR3NkwtrcbFUvVZuPW_gXA7bV5mmo/edit?usp=sharing
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Regards,
>>>>> Megala
>>>>> --
>>>>> Megala Uthayakumar
>>>>>
>>>>> Senior Software Engineer
>>>>> Mobile : 0779967122
>>>>>
>>>>
>>>> --
>>>>
>>>> Tharindu Edirisinghe
>>>> Senior Software Engineer | WSO2 Inc
>>>> Platform Security Team
>>>> Blog : http://tharindue.blogspot.com
>>>> mobile : +94 775181586
>>>>
>>> --
>>> Megala Uthayakumar
>>>
>>> Senior Software Engineer
>>> Mobile : 0779967122
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>> --
>>
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94713068779
>> Blog : http://sanjeewamalalgoda.blogspot.com/
>>
> --
> Megala Uthayakumar
>
> Senior Software Engineer
> Mobile : 0779967122
>
--
Dimuthu Leelarathne
Director, Rapid Response Team
WSO2, Inc. (http://wso2.com)
email: [email protected]
Mobile: +94773661935
Blog: http://muthulee.blogspot.com
Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
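As an added illustration (not code from this thread or from WSO2), here is a small Python parser for the `<Initiator> | <Action> | <Target> | <Data> | <Result>` entry format quoted above, with the per-field regex search Megala describes for server admins and the modification-versus-retrieval severity split she proposes. The sample log lines, action names and the list of "modifying" verbs are constructed for this example and are assumptions, not WSO2's actual action names.

```python
import re
from typing import Dict, List, Optional

# Constructed sample audit entries in the format quoted in the thread.
# The initiators, actions and targets are made up for this example.
SAMPLE_LOG = """\
INFO {AUDIT_LOG}- Initiator : admin@carbon.super | Action : Add User | Target : newuser | Data : { Roles : } | Result : Success
INFO {AUDIT_LOG}- Initiator : admin@carbon.super | Action : Get User Claim Values | Target : newuser | Data : { Claims : [email] } | Result : Success
INFO {AUDIT_LOG}- Initiator : alice@carbon.super | Action : Update Role | Target : newuser | Data : { Roles : [admin] } | Result : Failed
INFO {AUDIT_LOG}- Initiator : admin@carbon.super | Action : Delete User | Target : olduser | Data : { } | Result : Success
WARN some unrelated log line that is not an audit entry
"""

# One anchored regex over the whole entry; every field is a named group so an
# admin's regex can be applied to a single field instead of the raw line.
ENTRY_RE = re.compile(
    r"\{AUDIT_LOG\}-\s*Initiator\s*:\s*(?P<Initiator>.*?)\s*\|"
    r"\s*Action\s*:\s*(?P<Action>.*?)\s*\|"
    r"\s*Target\s*:\s*(?P<Target>.*?)\s*\|"
    r"\s*Data\s*:\s*(?P<Data>.*?)\s*\|"
    r"\s*Result\s*:\s*(?P<Result>\S+)\s*$"
)

# Assumed verbs that mark a modification of personal data; everything else is
# treated as a retrieval and gets the lower severity Megala suggests.
MODIFYING_VERBS = ("Add", "Update", "Delete", "Set", "Remove")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one audit line into its fields, or None if it is not an audit entry."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    verb = entry["Action"].split()[0]
    entry["Severity"] = "HIGH" if verb in MODIFYING_VERBS else "LOW"
    return entry


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse every line, silently skipping non-audit lines."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def search(entries: List[Dict[str, str]], field: str, pattern: str) -> List[Dict[str, str]]:
    """Return entries whose chosen field matches the regex (e.g. every action on one target)."""
    rx = re.compile(pattern)
    return [e for e in entries if rx.search(e[field])]


if __name__ == "__main__":
    for e in search(parse_log(SAMPLE_LOG), "Target", r"^newuser$"):
        print(e["Severity"], e["Initiator"], e["Action"], e["Result"])
```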
