On 08/25/2011 06:55 PM, Johannes Renner wrote:
> Well, I can count three, while only one (!) of them is public. But we
> can still rename the other ones, no problem.

I count:
  private static Logger log = Logger.getLogger(AuditLog.LOGGER_NAME);
as well.


> - How can you distinguish between interesting and uninteresting requests?
> - There are some interesting requests that are not POST requests, e.g. logouts.
> - There are some POST requests that are not interesting, e.g. user selects all
>   entries of a list.
> - Log events cannot be categorized for a later filtering. At a single entry
>   point it is very hard to see what really has happened.

I thought that there would be a configuration file, where you state what
and how will be logged. All based on URI, similarly to the struts config file.
E.g.

/rhn/LoginSubmit.do {
   key = "LOGIN"
   value = "user=${POST.username};pass=${POST.password}"
}

/rhn/admin/config/GeneralConfig.do {
   key = "CONF"
   value = "email=${POST.email};....."
}

Etc. You probably get the idea now.
And those URLs not specified will not be logged.

> - When using an external entry point (like mod_security), you can't actually
>   see from the logs which user was involved since it is not possible to map
>   between uid, sid, ... and real world 'objects'.

I said "something like mod_security". I can imagine building something upon
an existing project, but even something new written from scratch just for
Spacewalk.
And translating sid to user is not such a big problem. You can have a config
file where you specify how you translate sid to user. I.e.
[translate]
user = "select login from web_contact join pxtsession on
web_user_id=web_contact.id where pxtsession.id = :sid"

and in logging config have:
/rhn/admin/config/GeneralConfig.do {
   key = "CONF"
   translate[user] = sid
   value = "logged=${user};email=${POST.email};....."
}

This way it can even be Spacewalk independent and you can use it on
a different project where they have different tables.

> I agree with you completely on the fact that getting the big picture is hard,
> but generic logging of request data does somehow not satisfy our needs :-/

So there is a place to write one :)
Just think that after some years a customer will ask you "and which
events/actions/URLs are logged? Can you give me the list."
And you will have a hard time providing such a list.



-- 
Miroslav Suchy
Red Hat Satellite Engineering
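
The URI-keyed logging configuration proposed in the message above, as an added example that is not part of the original post or of Spacewalk: it parses the sketched block format, logs only listed URIs, and resolves `translate[user] = sid` through a callback. The sample config, the `lookup_user` callback (standing in for the `[translate]` SQL query), the `-` default for missing fields, and the stripping of `;` and newlines from request data are assumptions.

```python
import re

# Constructed sample config in the format sketched in the message above.
SAMPLE_CONFIG = '''
/rhn/LoginSubmit.do {
   key = "LOGIN"
   value = "user=${POST.username}"
}
/rhn/admin/config/GeneralConfig.do {
   key = "CONF"
   translate[user] = sid
   value = "logged=${user};email=${POST.email}"
}
'''

BLOCK = re.compile(r'^(\S+)\s*\{(.*?)^\}', re.S | re.M)
SETTING = re.compile(r'^\s*([\w\[\]]+)\s*=\s*"?(.*?)"?\s*$', re.M)
PLACEHOLDER = re.compile(r'\$\{([\w.]+)\}')

def parse_rules(text):
    """Return {uri: {setting: value}} for every 'URI { ... }' block."""
    return {uri: dict(SETTING.findall(body)) for uri, body in BLOCK.findall(text)}

def audit_line(rules, uri, post, sid, lookup_user):
    """Render the audit entry for one request, or None if the URI is not listed."""
    rule = rules.get(uri)
    if rule is None:
        return None  # URLs not specified are not logged
    values = {"POST." + name: value for name, value in post.items()}
    # translate[name] = sid: resolve the session id to a real-world object.
    # lookup_user is a hypothetical callback standing in for the SQL query.
    for setting, source in rule.items():
        m = re.fullmatch(r'translate\[(\w+)\]', setting)
        if m and source == "sid":
            values[m.group(1)] = lookup_user(sid)

    def fill(match):
        # Assumption: replace separators so request data cannot forge
        # extra key=value fields or extra log lines in the audit trail.
        return re.sub(r'[;\r\n]', '_', str(values.get(match.group(1), '-')))

    return rule["key"] + " " + PLACEHOLDER.sub(fill, rule["value"])
```

Because the rule set is the only source of log entries, `sorted(parse_rules(cfg))` is also the list of audited URLs a customer might ask for.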
