Audit Service Configuration

Introduction

The audit service records all events of the system as an audit log. By default it writes to standard out, but it can also be configured to write to a file. Supported log formats are json and a minimal human-readable format.

With audit logs, you are able to prove compliance with corporate guidelines as well as to enable reporting and auditing of operations. The audit service takes note of actions conducted by users and administrators.

Example minimal format:

file_delete)
   user 'user_id' trashed file 'item_id'
file_trash_delete)
   user 'user_id' removed file 'item_id' from trashbin

Example json:

{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' trashed file 'item_id'","Action":"file_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}
{"RemoteAddr":"","User":"user_id","URL":"","Method":"","UserAgent":"","Time":"","App":"admin_audit","Message":"user 'user_id' removed file 'item_id' from trashbin","Action":"file_trash_delete","CLI":false,"Level":1,"Path":"path","Owner":"user_id","FileID":"item_id"}
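As an added example (not part of the original documentation or the oCIS code base), the following Go program decodes audit events in the json format shown above and flags users who performed a configurable number of file_delete actions, the kind of mass-deletion check an auditor would run over this log. The sample events, the user names and the threshold are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Fields of the json audit format shown above that the check needs; other fields are ignored.
type AuditEvent struct {
	User   string `json:"User"`
	Action string `json:"Action"`
}

// Constructed sample input in the page's json format, one event per line (not a real oCIS log).
const SampleLog = `
{"User":"user_id","App":"admin_audit","Message":"user 'user_id' trashed file 'f1'","Action":"file_delete","Level":1,"Path":"/a","Owner":"user_id","FileID":"f1"}
{"User":"user_id","App":"admin_audit","Message":"user 'user_id' trashed file 'f2'","Action":"file_delete","Level":1,"Path":"/b","Owner":"user_id","FileID":"f2"}
{"User":"other_user","App":"admin_audit","Message":"user 'other_user' trashed file 'f3'","Action":"file_delete","Level":1,"Path":"/c","Owner":"other_user","FileID":"f3"}
{"User":"user_id","App":"admin_audit","Message":"user 'user_id' removed file 'f1' from trashbin","Action":"file_trash_delete","Level":1,"Path":"/a","Owner":"user_id","FileID":"f1"}
`
// CountActions decodes the json event stream and counts events per user and action; a malformed event is an error, not skipped, since a gap in an audit trail must be noticed.
func CountActions(log string) (map[string]map[string]int, error) {
	counts := map[string]map[string]int{}
	dec := json.NewDecoder(strings.NewReader(log))
	for n := 1; dec.More(); n++ {
		var ev AuditEvent
		if err := dec.Decode(&ev); err != nil {
			return nil, fmt.Errorf("event %d: malformed audit event: %w", n, err)
		}
		if counts[ev.User] == nil {
			counts[ev.User] = map[string]int{}
		}
		counts[ev.User][ev.Action]++
	}
	return counts, nil
}

// UsersAtOrAbove returns, sorted, the users with at least threshold events of the given action.
func UsersAtOrAbove(counts map[string]map[string]int, action string, threshold int) []string {
	var users []string
	for user, byAction := range counts {
		if byAction[action] >= threshold {
			users = append(users, user)
		}
	}
	sort.Strings(users)
	return users
}
```

Running CountActions over the file named by AUDIT_FILEPATH and then UsersAtOrAbove with a site-specific threshold turns the raw log into a simple alert list.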

The audit service is not started automatically when oCIS runs as a single binary started via ocis server or as a docker container; it must be started and stopped manually on demand.

The audit service logs:

  • File system operations
    (create/delete/move; including actions on the trash bin and versioning)

  • User management operations
    (creation/deletion of users)

  • Sharing operations
    (user/group sharing, sharing via link, changing permissions, calls to sharing API from clients)

Configuration

Environment Variables

The audit extension is configured via the following environment variables:

Environment variables for the audit service

OCIS_LOG_LEVEL, AUDIT_LOG_LEVEL
  Type: string
  Default: (not set)
  Description: The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace".

OCIS_LOG_PRETTY, AUDIT_LOG_PRETTY
  Type: bool
  Default: false
  Description: Activates pretty log output.

OCIS_LOG_COLOR, AUDIT_LOG_COLOR
  Type: bool
  Default: false
  Description: Activates colorized log output.

OCIS_LOG_FILE, AUDIT_LOG_FILE
  Type: string
  Default: (not set)
  Description: The path to the log file. Activates logging to this file if set.

AUDIT_DEBUG_ADDR
  Type: string
  Default: 127.0.0.1:9234
  Description: Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed.

AUDIT_DEBUG_TOKEN
  Type: string
  Default: (not set)
  Description: Token to secure the metrics endpoint.

AUDIT_DEBUG_PPROF
  Type: bool
  Default: false
  Description: Enables pprof, which can be used for profiling.

AUDIT_DEBUG_ZPAGES
  Type: bool
  Default: false
  Description: Enables zpages, which can be used for collecting and viewing in-memory traces.

AUDIT_EVENTS_ENDPOINT
  Type: string
  Default: 127.0.0.1:9233
  Description: The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture.

AUDIT_EVENTS_CLUSTER
  Type: string
  Default: ocis-cluster
  Description: The cluster ID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system.

AUDIT_EVENTS_GROUP
  Type: string
  Default: audit
  Description: The consumer group of the service. One group will only get one copy of an event.

OCIS_INSECURE, AUDIT_EVENTS_TLS_INSECURE
  Type: bool
  Default: false
  Description: Whether to verify the server TLS certificates.

AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE
  Type: string
  Default: (not set)
  Description: The root CA certificate used to validate the server's TLS certificate. If provided, AUDIT_EVENTS_TLS_INSECURE is treated as false.

OCIS_EVENTS_ENABLE_TLS, AUDIT_EVENTS_ENABLE_TLS
  Type: bool
  Default: false
  Description: Enable TLS for the connection to the events broker. The events broker is the oCIS service which receives and delivers events between the services.

AUDIT_LOG_TO_CONSOLE
  Type: bool
  Default: true
  Description: Logs to stdout if true. Independent of the log-to-file option.

AUDIT_LOG_TO_FILE
  Type: bool
  Default: false
  Description: Logs to file if true. Independent of the log-to-stdout option.

AUDIT_FILEPATH
  Type: string
  Default: (not set)
  Description: File path of the log file. Mandatory if AUDIT_LOG_TO_FILE is true.

AUDIT_FORMAT
  Type: string
  Default: json
  Description: Log format. Using json is advised.

YAML Example

# Autogenerated
# Filename: audit-config-example.yaml

log:
  level: ""
  pretty: false
  color: false
  file: ""
debug:
  addr: 127.0.0.1:9234
  token: ""
  pprof: false
  zpages: false
events:
  endpoint: 127.0.0.1:9233
  cluster: ocis-cluster
  group: audit
  tls_insecure: false
  tls_root_ca_certificate: ""
  enable_tls: false
auditlog:
  log_to_console: true
  log_to_file: false
  filepath: ""
  format: json