Commit 3f8ea064 authored by ale's avatar ale

Add an option to send audit logs directly to syslog

parent 5673fb56
package accountserver
import (
"bytes"
"encoding/json"
"io"
"log"
"log/syslog"
)
// A fixed log_type makes it possible to limit searches to this
......@@ -23,9 +26,7 @@ type auditLogEntry struct {
ResourceType string `json:"resource_type,omitempty"`
}
type syslogAuditLogger struct{}
func (l *syslogAuditLogger) Log(rctx *RequestContext, rsrc *Resource, what string) {
func buildAuditMessage(rctx *RequestContext, rsrc *Resource, what string) []byte {
e := auditLogEntry{
LogType: auditLogType,
Message: what,
......@@ -45,13 +46,37 @@ func (l *syslogAuditLogger) Log(rctx *RequestContext, rsrc *Resource, what strin
if rsrc != nil {
e.ResourceName = rsrc.Name
e.ResourceType = rsrc.Type
// TODO: redundant?
//if u := rid.User(); u != "" {
// e.User = u
//}
}
if data, err := json.Marshal(&e); err == nil {
log.Printf("@cee:%s", data)
var buf bytes.Buffer
io.WriteString(&buf, "@cee:")
json.NewEncoder(&buf).Encode(&e)
return buf.Bytes()
}
type stderrAuditLogger struct{}
func newStderrAuditLogger() auditLogger {
return &stderrAuditLogger{}
}
func (l *stderrAuditLogger) Log(rctx *RequestContext, rsrc *Resource, what string) {
log.Printf("%s", string(buildAuditMessage(rctx, rsrc, what)))
}
type syslogAuditLogger struct {
w *syslog.Writer
}
func newSyslogAuditLogger() auditLogger {
w, err := syslog.New(syslog.LOG_INFO|syslog.LOG_DAEMON, "")
if err != nil {
log.Printf("warning: could not initialize syslog, logging to stderr instead")
return newStderrAuditLogger()
}
return &syslogAuditLogger{w}
}
func (l *syslogAuditLogger) Log(rctx *RequestContext, rsrc *Resource, what string) {
l.w.Write(buildAuditMessage(rctx, rsrc, what))
}
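Review bot: `syslogAuditLogger.Log` discards the result of `l.w.Write(...)`, so an audit record is lost without any trace when the syslog write fails. Since these are audit events, check the error and at least report it through the standard logger, e.g. `if _, err := l.w.Write(msg); err != nil { log.Printf("audit: syslog write failed: %v", err) }` with `msg` holding the built message. `buildAuditMessage` likewise ignores the error from `json.NewEncoder(&buf).Encode(&e)`; the earlier `json.Marshal` form appears to have emitted nothing on failure, whereas a failed encode would now produce a bare `@cee:` line. The warning in `newSyslogAuditLogger` should also include `err` so the operator can see why syslog was unavailable.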
......@@ -28,6 +28,7 @@ type Config struct {
UserMetaDB *clientutil.BackendConfig `yaml:"user_meta_server"`
EnableOpportunisticEncryption bool `yaml:"auto_enable_encryption"`
AuditLogsToSyslog bool `yaml:"audit_syslog"`
}
func (c *Config) compile() error {
......
......@@ -119,10 +119,14 @@ func newAccountServiceWithSSO(backend Backend, config *Config, ssoValidator sso.
s := &AccountService{
authService: newAuthService(config, ssoValidator),
audit: &syslogAuditLogger{},
backend: backend,
enableOpportunisticEncryption: config.EnableOpportunisticEncryption,
}
if config.AuditLogsToSyslog {
s.audit = newSyslogAuditLogger()
} else {
s.audit = newStderrAuditLogger()
}
if config.UserMetaDB != nil {
var err error
......
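Review bot: With `audit_syslog` enabled, the `config.AuditLogsToSyslog` branch can still end up with the stderr logger, because `newSyslogAuditLogger` falls back on a syslog error and only prints a warning. For an audit trail that is a silent downgrade of the destination the operator configured, and nothing in the running service records which logger is actually in use. Consider having `newSyslogAuditLogger` return `(auditLogger, error)` and propagating the failure from this constructor, or at minimum logging the selected audit destination once at startup. The `var err error` further down suggests the constructor can return an error, but its signature is truncated and its body continues outside the hunk, so this needs confirming against the full function.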