Posted to dev@archiva.apache.org by Joakim Erdfelt <jo...@erdfelt.com> on 2007/11/08 19:48:37 UTC

[DISCUSS] [MRM-564] Audit Logging.

A change was made to audit logging today (re: MRM-564).

The audit.log is now generated via a log4j logger (not direct java.io 
usage).
The output contains the following structure.

"{timestamp} {repository_id} {user_id} {remote_ip} \"{resource}\" \"{action}\""

Example output:

2007-11-08 11:18:43 internal joakim 127.0.0.1 "org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.jar" "Created File (proxied)"
2007-11-08 11:18:43 internal joakim 127.0.0.1 "org/codehaus/plexus/plexus-compiler-manager/1.5.3/plexus-compiler-manager-1.5.3.jar" "Created File (proxied)"
2007-11-08 11:19:00 internal joakim 127.0.0.1 "org/apache/maven/maven/2.0.6/maven-2.0.6.pom" "Created File (proxied)"
2007-11-08 11:19:01 internal joakim 127.0.0.1 "org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom" "Created File (proxied)"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt/sysutils" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.jar" "Created File"
2007-11-08 11:32:07 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.jar.md5" "Created File"
2007-11-08 11:32:07 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.jar.sha1" "Created File"
2007-11-08 11:32:08 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.pom" "Created File"
2007-11-08 11:32:08 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.pom.md5" "Created File"
2007-11-08 11:32:08 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.pom.sha1" "Created File"
2007-11-08 11:32:09 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/maven-metadata.xml" "Created File"
2007-11-08 11:32:09 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/maven-metadata.xml.md5" "Created File"
2007-11-08 11:32:09 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/maven-metadata.xml.sha1" "Created File"

This is hooked up into the ProxiedDavServer component at the moment, but 
in a discussion with Wendy on IRC, I identified a few more potential 
places to generate audit log from ...

1) Repository Configuration Create
2) Repository Configuration Edit
3) Repository Configuration Delete
4) Proxy Connector Create
5) Proxy Connector Edit
6) Proxy Connector Delete
7) Metadata Merge
8) Auto-Remove Consumer
9) Auto-Rename Consumer
10) Snapshot Repository Purge Consumer
11) Scan Start
12) Scan End

We both agreed that #10 (Snapshot Repository Purge Consumer) is an 
obvious one to hook up.
What are the feelings of the rest of the developers and users of Archiva?
What else should be logged?
What kind of guidelines should be placed on audit logging?

Also, what should we use in the log field for "user id" and "remote ip" 
when logging from consumers?
One idea would be to use "[consumer]" or "[purge]" style/format for the 
"user id" field, and "0.0.0.0" for remote ip in this situation.

Comments?

-- 
- Joakim Erdfelt
  joakim@erdfelt.com
  Open Source Software (OSS) Developer


Re: [DISCUSS] [MRM-564] Audit Logging.

Posted by Brett Porter <br...@apache.org>.
On 09/11/2007, at 5:48 AM, Joakim Erdfelt wrote:

> 1) Repository Configuration Create
> 2) Repository Configuration Edit
> 3) Repository Configuration Delete
> 4) Proxy Connector Create
> 5) Proxy Connector Edit
> 6) Proxy Connector Delete

I would put these in a separate log, probably

> 7) Metadata Merge

not sure about this one?

> 8) Auto-Remove Consumer
> 9) Auto-Rename Consumer
> 10) Snapshot Repository Purge Consumer

sounds good - but happy for that to be filed as a new issue for the  
future (and include Wendy's additional comments about logging changes  
noticed during the scan)

> 11) Scan Start
> 12) Scan End

already in the main log?

> Also, what should we use in the log field for "user id" and "remote  
> ip" when logging from consumers?
> One idea would be to use "[consumer]" or "[purge]" style/format for  
> the "user id" field, and "0.0.0.0" for remote ip in this situation.

I'd just put N/A (or "-") in each field in that case, and add 
something meaningful to the action (automatically removed snapshot 
as it was older than 90 days, etc).

Cheers,
Brett

--
Brett Porter - brett@apache.org
Blog: http://www.devzuz.org/blogs/bporter/
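
An added example, not part of the original thread and not Archiva's own code: a small Python parser for the audit.log layout described above. It separates user-driven entries from consumer-generated ones using the placeholder values floated in both messages, and sets aside lines that do not fit the layout. The function names, the "(system)" label and the sample consumer entry are assumptions made for illustration.

```python
import re
from datetime import datetime

# Layout from the thread:
# {timestamp} {repository_id} {user_id} {remote_ip} "{resource}" "{action}"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<repo>\S+) (?P<user>\S+) (?P<ip>\S+) '
    r'"(?P<resource>[^"]*)" "(?P<action>[^"]*)"$'
)
# Placeholders floated in the thread for entries written by consumers.
SYSTEM_USERS = {"-", "N/A", "[consumer]", "[purge]"}
SYSTEM_IPS = {"-", "N/A", "0.0.0.0"}

def parse_line(line):
    """Return one audit entry as a dict, or None if the layout does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    except ValueError:  # digits in the right places but not a real date/time
        return None
    # Treat as system-generated only when both identity fields are placeholders.
    rec["system"] = rec["user"] in SYSTEM_USERS and rec["ip"] in SYSTEM_IPS
    return rec

def summarize(lines):
    """Count actions per actor; keep unparseable lines for review."""
    per_actor, rejected = {}, []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
            continue
        actor = "(system)" if rec["system"] else f'{rec["user"]}@{rec["ip"]}'
        counts = per_actor.setdefault(actor, {})
        counts[rec["action"]] = counts.get(rec["action"], 0) + 1
    return per_actor, rejected

# Constructed sample: two entries from the example output above, one made-up
# consumer entry using "-" placeholders, and one line missing remote_ip.
SAMPLE = [
    '2007-11-08 11:18:43 internal joakim 127.0.0.1 "org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.jar" "Created File (proxied)"',
    '2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net" "Created Directory"',
    '2007-11-09 02:00:00 snapshots - - "/net/erdfelt/sysutils/1.2-SNAPSHOT/sysutils-1.2-SNAPSHOT.jar" "Purged snapshot older than 90 days"',
    '2007-11-09 02:00:05 internal joakim "/net/erdfelt" "Created Directory"',
]
```

Calling summarize(SAMPLE) returns the per-actor action counts and the list of rejected lines; a resource or action containing a double quote also lands in the rejected list, since the layout has no escaping rule for it.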