Audit Service Configuration

Table of Contents

Introduction
Configuration
- Environment Variables
- YAML Example

Introduction

The audit service logs all events of the system as an audit log. With audit logs, you are able to prove compliance with corporate and legal guidelines as well as enable reporting and auditing of operations.

Supported log formats are json or a minimal human-readable format. The audit service takes note of actions conducted by users and administrators.

Example minimal format

file_delete)
   user 'user_id' trashed file 'item_id'
file_trash_delete)
   user 'user_id' removed file 'item_id' from trashbin

Example json

{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' trashed file 'item_id'","Action":"file_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}
{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' removed file 'item_id' from trashbin","Action":"file_trash_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}

The audit service is not started automatically when running as single binary started via ocis server or when running as docker container and must be started and stopped manually on demand.

Per default, it will be logged to standard out, but can also be configured to write into a file. Note that when a file output is used, it is not part of the standard log file but a separate one.

The audit service logs:

File system operations
(create/delete/move; including actions on the trash bin and versioning)
User management operations
(creation/deletion of users)
Sharing operations
(user/group sharing, sharing via link, changing permissions, calls to sharing API from clients)

Configuration

Environment Variables

The audit service is configured via the following environment variables. Read the Environment Variable Types documentation for important details.

4.0.5

Environment variables for the audit service
Name	Type	Default Value	Description
`OCIS_TRACING_ENABLED` `AUDIT_TRACING_ENABLED`	bool	false	Activates tracing.
`OCIS_TRACING_TYPE` `AUDIT_TRACING_TYPE`	string		The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now.
`OCIS_TRACING_ENDPOINT` `AUDIT_TRACING_ENDPOINT`	string		The endpoint of the tracing agent.
`OCIS_TRACING_COLLECTOR` `AUDIT_TRACING_COLLECTOR`	string		The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset.
`OCIS_LOG_LEVEL` `AUDIT_LOG_LEVEL`	string		The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'.
`OCIS_LOG_PRETTY` `AUDIT_LOG_PRETTY`	bool	false	Activates pretty log output.
`OCIS_LOG_COLOR` `AUDIT_LOG_COLOR`	bool	false	Activates colorized log output.
`OCIS_LOG_FILE` `AUDIT_LOG_FILE`	string		The path to the log file. Activates logging to this file if set.
`AUDIT_DEBUG_ADDR`	string	127.0.0.1:9229	Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.
`AUDIT_DEBUG_TOKEN`	string		Token to secure the metrics endpoint.
`AUDIT_DEBUG_PPROF`	bool	false	Enables pprof, which can be used for profiling.
`AUDIT_DEBUG_ZPAGES`	bool	false	Enables zpages, which can be used for collecting and viewing in-memory traces.
`OCIS_EVENTS_ENDPOINT` `AUDIT_EVENTS_ENDPOINT`	string	127.0.0.1:9233	The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.
`OCIS_EVENTS_CLUSTER` `AUDIT_EVENTS_CLUSTER`	string	ocis-cluster	The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.
`OCIS_INSECURE` `AUDIT_EVENTS_TLS_INSECURE`	bool	false	Whether to verify the server TLS certificates.
`OCIS_EVENTS_TLS_ROOT_CA_CERTIFICATE` `AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE`	string		The root CA certificate used to validate the server’s TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false.
`OCIS_EVENTS_ENABLE_TLS` `AUDIT_EVENTS_ENABLE_TLS`	bool	false	Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services..
`AUDIT_LOG_TO_CONSOLE`	bool	true	Logs to Stdout if true. Independent of the log to file option.
`AUDIT_LOG_TO_FILE`	bool	false	Logs to file if true. Independent of the log to Stdout file option.
`AUDIT_FILEPATH`	string		Filepath to the logfile. Mandatory if LogToFile is true.
`AUDIT_FORMAT`	string	json	Log format. Using json is advised.

YAML Example

Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.

4.0.5

# Autogenerated
# Filename: audit-config-example.yaml

tracing:
  enabled: false
  type: ""
  endpoint: ""
  collector: ""
log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9229
  token: ""
  pprof: false
  zpages: false
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false
auditlog:
  log_to_console: true
  log_to_file: false
  filepath: ""
  format: json