Posted to dev@archiva.apache.org by Joakim Erdfelt <jo...@erdfelt.com> on 2007/11/08 19:48:37 UTC
[DISCUSS] [MRM-564] Audit Logging.
A change was made to audit logging today (re: MRM-564)
The audit.log is now generated via a log4j logger (not direct java.io
usage).
The output contains the following structure.
"{timestamp} {repository_id} {user_id} {remote_ip} \"{resource}\" \"{action}\""
Example output:
2007-11-08 11:18:43 internal joakim 127.0.0.1 "org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.jar" "Created File (proxied)"
2007-11-08 11:18:43 internal joakim 127.0.0.1 "org/codehaus/plexus/plexus-compiler-manager/1.5.3/plexus-compiler-manager-1.5.3.jar" "Created File (proxied)"
2007-11-08 11:19:00 internal joakim 127.0.0.1 "org/apache/maven/maven/2.0.6/maven-2.0.6.pom" "Created File (proxied)"
2007-11-08 11:19:01 internal joakim 127.0.0.1 "org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom" "Created File (proxied)"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt/sysutils" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1" "Created Directory"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.jar" "Created File"
2007-11-08 11:32:07 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.jar.md5" "Created File"
2007-11-08 11:32:07 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.jar.sha1" "Created File"
2007-11-08 11:32:08 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.pom" "Created File"
2007-11-08 11:32:08 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.pom.md5" "Created File"
2007-11-08 11:32:08 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/1.1/sysutils-1.1.pom.sha1" "Created File"
2007-11-08 11:32:09 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/maven-metadata.xml" "Created File"
2007-11-08 11:32:09 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/maven-metadata.xml.md5" "Created File"
2007-11-08 11:32:09 internal joakim 127.0.0.1 "/net/erdfelt/sysutils/maven-metadata.xml.sha1" "Created File"
This is hooked up into the ProxiedDavServer component at the moment, but
in a discussion with Wendy on IRC, I identified a few more potential
places to generate audit log from ...
1) Repository Configuration Create
2) Repository Configuration Edit
3) Repository Configuration Delete
4) Proxy Connector Create
5) Proxy Connector Edit
6) Proxy Connector Delete
7) Metadata Merge
8) Auto-Remove Consumer
9) Auto-Rename Consumer
10) Snapshot Repository Purge Consumer
11) Scan Start
12) Scan End
We both agreed that #10 (Snapshot Repository Purge Consumer) is an
obvious one to hook up.
What are the feelings of the rest of the developers and users of Archiva?
What else should be logged?
What kind of guidelines should be placed on audit logging?
Also, what should we use in the log field for "user id" and "remote ip"
when logging from consumers?
One idea would be to use "[consumer]" or "[purge]" style/format for the
"user id" field, and "0.0.0.0" for remote ip in this situation.
Comments?
--
- Joakim Erdfelt
joakim@erdfelt.com
Open Source Software (OSS) Developer
Re: [DISCUSS] [MRM-564] Audit Logging.
Posted by Brett Porter <br...@apache.org>.
On 09/11/2007, at 5:48 AM, Joakim Erdfelt wrote:
> 1) Repository Configuration Create
> 2) Repository Configuration Edit
> 3) Repository Configuration Delete
> 4) Proxy Connector Create
> 5) Proxy Connector Edit
> 6) Proxy Connector Delete
I would put these in a separate log, probably
> 7) Metadata Merge
not sure about this one?
> 8) Auto-Remove Consumer
> 9) Auto-Rename Consumer
> 10) Snapshot Repository Purge Consumer
sounds good - but happy for that to be filed as a new issue for the
future (and include Wendy's additional comments about logging changes
noticed during the scan)
> 11) Scan Start
> 12) Scan End
already in the main log?
> Also, what should we use in the log field for "user id" and "remote
> ip" when logging from consumers?
> One idea would be to use "[consumer]" or "[purge]" style/format for
> the "user id" field, and "0.0.0.0" for remote ip in this situation.
I'd just put N/A (or "-") in each field in that case, and add
something meaningful to the action (automatically removed snapshot
due as it was older than 90 days, etc).
Cheers,
Brett
--
Brett Porter - brett@apache.org
Blog: http://www.devzuz.org/blogs/bporter/
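
An added example, not part of either message or of Archiva's own code: a parser for the audit.log line structure given in the first message, which also flags entries written with the placeholder conventions proposed in both messages for consumer-generated events. The last three sample lines are constructed, and the regex assumes the two quoted fields never contain an embedded double quote.

```python
import re
from collections import namedtuple
from datetime import datetime

# {timestamp} {repository_id} {user_id} {remote_ip} "{resource}" "{action}"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'(?P<repo>\S+) (?P<user>\S+) (?P<ip>\S+) '
    r'"(?P<resource>[^"]*)" "(?P<action>[^"]*)"$')
# Placeholders proposed in the thread for entries with no real user or client.
PLACEHOLDERS = {"0.0.0.0", "-", "N/A"}
AuditEvent = namedtuple("AuditEvent",
    "timestamp repository_id user_id remote_ip resource action automated")

def parse_line(line):
    """Return an AuditEvent, or None if the line does not match the format."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    user, ip = m["user"], m["ip"]
    bracketed = user.startswith("[") and user.endswith("]")   # e.g. [purge]
    automated = bracketed or user in PLACEHOLDERS or ip in PLACEHOLDERS
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return AuditEvent(ts, m["repo"], user, None if ip in PLACEHOLDERS else ip,
                      m["resource"], m["action"], automated)

def parse_log(text):
    """Split a log into parsed events and (line_number, raw_line) rejects."""
    events, rejected = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            ev = parse_line(line)
            if ev is None:
                rejected.append((n, line))   # keep for review, never guess
            else:
                events.append(ev)
    return events, rejected

# First two lines are from the post; the last three are constructed samples.
SAMPLE = """\
2007-11-08 11:19:00 internal joakim 127.0.0.1 "org/apache/maven/maven/2.0.6/maven-2.0.6.pom" "Created File (proxied)"
2007-11-08 11:32:06 internal joakim 127.0.0.1 "/net" "Created Directory"
2007-11-08 12:00:00 snapshots [purge] 0.0.0.0 "/example/1.0-SNAPSHOT/example.jar" "Removed File"
2007-11-08 12:00:01 snapshots - - "/example/1.0-SNAPSHOT/example.pom" "Removed File (older than 90 days)"
2007-11-08 12:00:02 internal joakim 127.0.0.1
"""
if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE)
    print(len(events), "parsed;", len(rejected), "rejected:", rejected)
```

Rejected lines come back with their line numbers so that a truncated or malformed entry is reviewed instead of being silently dropped.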