Audit Service Configuration
Introduction
The audit service logs all events of the system as an audit log. With audit logs, you are able to prove compliance with corporate and legal guidelines as well as enable reporting and auditing of operations.
Supported log formats are json or a minimal human-readable format. The audit service takes note of actions conducted by users and administrators.
- Example minimal format
file_delete)
user 'user_id' trashed file 'item_id'
file_trash_delete)
user 'user_id' removed file 'item_id' from trashbin- Example json
{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' trashed file 'item_id'","Action":"file_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}
{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' removed file 'item_id' from trashbin","Action":"file_trash_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}The audit service is not started automatically when running as single binary started via ocis server or when running as docker container and must be started and stopped manually on demand.
Per default, it will be logged to standard out, but can also be configured to write into a file. Note that when a file output is used, it is not part of the standard log file but a separate one.
The audit service logs:
-
File system operations
(create/delete/move; including actions on the trash bin and versioning) -
User management operations
(creation/deletion of users) -
Sharing operations
(user/group sharing, sharing via link, changing permissions, calls to sharing API from clients)
Event Bus Configuration
The Infinite Scale event bus can be configured by a set of environment variables.
|
Note that for each global environment variable, a service-based one might be available additionally. For precedences see Environment Variable Notes. Check the configuration section below.
Without the aim of completeness, see the list of environment variables to configure the event bus:
| Envvar | Description |
|---|---|
|
The address of the event system. |
|
The clusterID of the event system. Mandatory when using NATS as event system. |
|
Enable TLS for the connection to the events broker. |
|
Whether to verify the server TLS certificates. |
|
The username to authenticate with the events broker. |
|
The password to authenticate with the events broker. |
Configuration
Environment Variables
The audit service is configured via the following environment variables. Read the Environment Variable Types documentation for important details.
| Name | Type | Default Value | Description |
|---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to '', which is the same as 'jaeger'. Allowed tracing types are 'jaeger' and '' as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'. |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9229 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9233 |
The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. |
|
string |
ocis-cluster |
The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system. |
|
bool |
false |
Whether to verify the server TLS certificates. |
|
string |
|
The root CA certificate used to validate the server’s TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false. |
|
bool |
false |
Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services. |
|
string |
|
The username to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. |
|
string |
|
The password to authenticate with the events broker. The events broker is the ocis service which receives and delivers events between the services. |
|
bool |
true |
Logs to stdout if set to 'true'. Independent of the LOG_TO_FILE option. |
|
bool |
false |
Logs to file if set to 'true'. Independent of the LOG_TO_CONSOLE option. |
|
string |
|
Filepath of the logfile. Mandatory if LOG_TO_FILE is set to 'true'. |
|
string |
json |
Log format. Supported values are '' (empty) and 'json'. Using 'json' is advised, '' (empty) renders the 'minimal' format. See the text description for more details. |
YAML Example
-
Note the file shown below must be renamed and placed in the correct folder according to the Configuration File Naming conventions to be effective.
-
See the Notes for Environment Variables if you want to use environment variables in the yaml file.
# Autogenerated
# Filename: audit-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9229
token: ""
pprof: false
zpages: false
events:
endpoint: 127.0.0.1:9233
cluster: ocis-cluster
tls_insecure: false
tls_root_ca_certificate: ""
enable_tls: false
username: ""
password: ""
auditlog:
log_to_console: true
log_to_file: false
filepath: ""
format: json