Commit 143d0e26 authored by Stan Hu's avatar Stan Hu

Add support for JSON logging for audit events

This will add audit_json.log that writes one line per audit event. For
example:

{
       "severity":"INFO",
       "time":"2018-10-17T17:38:22.523Z",
       "author_id":3,
       "entity_id":2,
       "entity_type":"Project",
       "change":"visibility",
       "from":"Private",
       "to":"Public",
       "author_name":"John Doe4",
       "target_id":2,
       "target_type":"Project",
       "target_details":"namespace2/project2"
}
parent 5edf87d0
......@@ -17,11 +17,29 @@ class AuditEventService
end
def security_event
SecurityEvent.create(
log_security_event_to_file
log_security_event_to_database
end
private
def base_payload
{
author_id: @author.id,
entity_id: @entity.id,
entity_type: @entity.class.name,
details: @details
)
entity_type: @entity.class.name
}
end
def file_logger
@file_logger ||= Gitlab::AuditJsonLogger.build
end
def log_security_event_to_file
file_logger.info(base_payload.merge(@details))
end
def log_security_event_to_database
SecurityEvent.create(base_payload.merge(details: @details))
end
end
---
title: Add support for JSON logging for audit events
merge_request: 22471
author:
type: added
......@@ -144,6 +144,20 @@ December 03, 2014 13:20 -> ERROR -> Command failed [1]: /usr/bin/git --git-dir=/
error: failed to push some refs to '/Users/vsizov/gitlab-development-kit/repositories/gitlabhq/gitlab_git.git'
```
## `audit_json.log`
This file lives in `/var/log/gitlab/gitlab-rails/audit_json.log` for
Omnibus GitLab packages or in `/home/git/gitlab/log/audit_json.log` for
installations from source.
Changes to group or project settings are logged to this file. For example:
```json
{"severity":"INFO","time":"2018-10-17T17:38:22.523Z","author_id":3,"entity_id":2,"entity_type":"Project","change":"visibility","from":"Private","to":"Public","author_name":"John Doe4","target_id":2,"target_type":"Project","target_details":"namespace2/project2"}
{"severity":"INFO","time":"2018-10-17T17:38:22.830Z","author_id":5,"entity_id":3,"entity_type":"Project","change":"name","from":"John Doe7 / project3","to":"John Doe7 / new name","author_name":"John Doe6","target_id":3,"target_type":"Project","target_details":"namespace3/project3"}
{"severity":"INFO","time":"2018-10-17T17:38:23.175Z","author_id":7,"entity_id":4,"entity_type":"Project","change":"path","from":"","to":"namespace4/newpath","author_name":"John Doe8","target_id":4,"target_type":"Project","target_details":"namespace4/newpath"}
```
## `sidekiq.log`
This file lives in `/var/log/gitlab/gitlab-rails/sidekiq.log` for
......
# frozen_string_literal: true
module Gitlab
class AuditJsonLogger < Gitlab::JsonLogger
def self.file_name_noext
'audit_json'
end
end
end
# frozen_string_literal: true
require 'spec_helper'
describe AuditEventService do
let(:project) { create(:project) }
let(:user) { create(:user) }
let(:project_member) { create(:project_member, user: user) }
let(:service) { described_class.new(user, project, { action: :destroy }) }
let(:logger) { instance_double(Gitlab::AuditJsonLogger) }
describe '#security_event' do
before do
expect(service).to receive(:file_logger).and_return(logger)
end
it 'creates an event and logs to a file' do
expect(logger).to receive(:info).with(author_id: user.id,
entity_id: project.id,
entity_type: "Project",
action: :destroy)
expect { service.security_event }.to change(SecurityEvent, :count).by(1)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment