devlucassantos closed this issue 2 years ago
For simplicity's sake we'll add only one variable that allows a user to enable different activity entities and specify a custom time (if needed). For example:
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT="activities:15 resources:15 users:480 roles:480"
or
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT="activities resources:15 users:480 roles:480"
Notes:
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES=true, LEC will omit the entry in LOG_EXPORT_CONTAINER_EXTRACT_AUDIT and execute according to what was previously configured.
About config clash for activities, take a look at the following example:
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES=true
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES_INTERVAL=30
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT="activities:15 resources:15 users:480 roles:480"
The system should extract audit activities every 30m, resources every 15m, users every 8h and roles every 8h.
Because YAML has some problems interpreting colon symbols in variables, we'll change to forward slashes. For example:
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT="activities/15 resources/15 users/480 roles/480"
If there's a config similar to this:
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES=true
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT="activities/13 resources/15 users/480 roles/480"
LEC is going to interpret activities extraction interval time = 13m. But, if:
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES=true
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES_INTERVAL=30
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT="activities/13 resources/15 users/480 roles/480"
LEC is going to interpret activities extraction interval time = 30m. If:
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES=false
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES_INTERVAL=30
LOG_EXPORT_CONTAINER_EXTRACT_AUDIT="activities/13 resources/15 users/480 roles/480"
LEC is going to interpret activities extraction interval time = 30m
The path LOG_EXPORT_CONTAINER_EXTRACT_AUDIT_ACTIVITIES has precedence over LOG_EXPORT_CONTAINER_EXTRACT_AUDIT because it's more specific.
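The precedence cases in the comment above, worked as an added example (not part of the original thread and not LEC's own code). It assumes one reading that fits all three cases: activities is extracted when it is listed or the legacy flag is true, and a legacy interval, when set, replaces the listed one. The function names are hypothetical.

```ruby
# Added example, not LEC source code: resolve the audit extraction schedule.
ENTITIES = %w[activities resources users roles].freeze # names from the thread
PREFIX = "LOG_EXPORT_CONTAINER_EXTRACT_AUDIT"

# Intervals are minutes; reject zero, negatives, signs and non-digits.
def positive_minutes(text, context)
  raise ArgumentError, "bad interval in #{context}" unless text.match?(/\A[1-9]\d*\z/)
  Integer(text, 10)
end

# "activities/13 users" -> { "activities" => 13, "users" => nil }
# nil means no interval was given; the thread does not state the default.
def parse_extract_audit(value)
  value.to_s.split.each_with_object({}) do |entry, schedule|
    name, interval, extra = entry.split(%r{[/:]}, -1) # ":" was the earlier form
    raise ArgumentError, "unknown audit entity in #{entry.inspect}" unless ENTITIES.include?(name)
    raise ArgumentError, "malformed entry #{entry.inspect}" if extra
    raise ArgumentError, "duplicate entity #{name}" if schedule.key?(name)
    schedule[name] = interval && positive_minutes(interval, entry.inspect)
  end
end

# Assumed reading of the three cases: activities runs when it is listed or the
# legacy flag is "true"; a legacy interval, when set, replaces the listed one.
def resolve_schedule(env)
  schedule = parse_extract_audit(env[PREFIX])
  legacy_on = env["#{PREFIX}_ACTIVITIES"].to_s.strip.downcase == "true"
  legacy_interval = env["#{PREFIX}_ACTIVITIES_INTERVAL"].to_s.strip
  schedule["activities"] = nil if legacy_on && !schedule.key?("activities")
  if schedule.key?("activities") && !legacy_interval.empty?
    schedule["activities"] = positive_minutes(legacy_interval, "#{PREFIX}_ACTIVITIES_INTERVAL")
  end
  schedule
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: the third case from the thread.
  puts resolve_schedule({
    "#{PREFIX}_ACTIVITIES" => "false",
    "#{PREFIX}_ACTIVITIES_INTERVAL" => "30",
    PREFIX => "activities/13 resources/15 users/480 roles/480"
  }).inspect
end
```

Rejecting unknown entity names and malformed intervals at startup means a typo fails loudly instead of silently disabling an audit feed.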
Is your feature request related to a problem? Please describe.
Currently the LEC already supports the auditing of activities through the strongDM CLI, but it still does not support the auditing for users, roles and resources, which is interesting to add.
Describe the solution you'd like
Add support for auditing users, roles and resources through commands already available in the strongDM CLI.
Additional context
It should be considered that the commands for auditing users and roles in the strongDM CLI do not have a time filtering tool; therefore, this data can become data in constant redundancy.