fosshostorg / aarch64

Dashboard and API for https://console.aarch64.com
GNU Affero General Public License v3.0

Audit log #24

Closed natesales closed 3 years ago

natesales commented 3 years ago

We should add an audit log that captures events on VM creation, deletion, etc. to keep track of which user made which actions.

knightss27 commented 3 years ago

I agree with this. I had thought of marking down who created the VM before, but keeping track of other stuff would be nice. (e.g. who owns the project? although I think we just need to mark that as first person in the list)

natesales commented 3 years ago

That's a good point, we should also add metadata where applicable. VM documents already store a created property containing the user ID that created the VM and a timestamp.

We should also list which actions should be logged as events. Off the top of my head I would suggest the following:

Once we expose more functionality such as hypervisor control, we'll want to log those actions as well. For now I think a log collection in mongo would be sufficient unless we want to go the route of an external collector like fluentd. My vote at the moment would be a simple mongo collection.

knightss27 commented 3 years ago

Yeah, I think just a big audit log isn't a bad idea, although I wonder if we will need to make sure we design it so we can query it in the order of the hierarchy that already exists in the program, i.e. see all actions pertaining to a project, which would include creation of itself, VM creation and deletion, etc. This is information that we might want users to have access to, similar to a Discord audit log, where if you own the project you can see actions taken on it. This would be different from a more global audit log that could also be sorted by user and include actions to their own profiles, etc. I guess you could just add a project field to the entry if it is related to a specific project, and then it would be easy to query. This is a nice example of how we might be able to lay out each entry

natesales commented 3 years ago

An audit collection will make queries easy. I've added audit logging in 8ba86dadff57c40658fb00773285300f3dd7b136. The next step here would be writing a route to get this data from the API, both with admin and user-level auth scopes.
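A sketch of the design discussed in this thread, added here as an example and not taken from the project's code or the commit above: one audit collection whose entries carry an optional project field, queried with admin or user-level scope. The in-memory list stands in for the Mongo collection, and the field names, action names and visibility policy are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class AuditEntry:
    time: datetime
    user: str                      # user ID that performed the action
    action: str                    # constructed names, e.g. "vm.create"
    project: Optional[str] = None  # set only when the event belongs to a project
    target: Optional[str] = None   # e.g. the VM the action touched

class AuditLog:
    """In-memory stand-in for a single audit collection (append-only)."""
    def __init__(self):
        self._entries = []

    def record(self, user, action, project=None, target=None):
        entry = AuditEntry(datetime.now(timezone.utc), user, action, project, target)
        self._entries.append(entry)
        return entry

    def query(self, requester, is_admin=False, owned_projects=frozenset(),
              project=None, user=None):
        """Filter by project/user, then apply the requester's scope."""
        visible = []
        for e in self._entries:
            if project is not None and e.project != project:
                continue
            if user is not None and e.user != user:
                continue
            if not is_admin:
                # Assumed policy: project events go to that project's owner;
                # events with no project go only to the user who caused them.
                allowed = (e.project in owned_projects if e.project is not None
                           else e.user == requester)
                if not allowed:
                    continue
            visible.append(e)
        return visible

def build_sample_log():
    """Constructed sample events: alice owns p1, bob owns p2."""
    log = AuditLog()
    log.record("alice", "project.create", project="p1")
    log.record("alice", "vm.create", project="p1", target="vm1")
    log.record("bob", "project.create", project="p2")
    log.record("carol", "vm.delete", project="p1", target="vm1")
    log.record("bob", "user.update")
    return log
```

The scope check runs after the caller's filters, so a user asking for a project they do not own gets an empty result instead of an error that confirms the project exists.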

natesales commented 3 years ago

Audit logging is done!