
Audit logs for openreplay-ui

Open mehrdad-khojastefar opened this issue 8 months ago • 7 comments

Hi, for the past few days I've been going through the documentation and GitHub issues, but I couldn't find anything related to OpenReplay audit logs. Is there any reason this feature has not been developed? I think it would be very helpful for teams that have a centralized audit logging system to capture OpenReplay's audit logs and even set up alerting on top of them. Accessing user-recorded sessions can be very dangerous, and I would love to have the auditing of the system under my control and have one or two alerts on it.

mehrdad-khojastefar, Nov 29 '23 12:11

This is available in the EE edition; see the directory ee/.

Closing as duplicate; the feature is already implemented.

amirouche, Dec 04 '23 16:12

Thanks for the response, but I couldn't find any logic that shows it saves the audit trail to a file or logs it to stdout. Showing the entries on the admin dashboard is one thing, and having the logs collected is another. Could you please provide some more information, since I couldn't find any after digging through the documents and code?

mehrdad-khojastefar, Dec 05 '23 09:12

Spoiler: I am new to the project. I will try to be accurate.

Accessing user recorded sessions can be very dangerous and I would love to have the auditing of the system under my control and have one or two alerts on it.

Not everybody can access all replays of all projects. There are ACLs based on RBAC (Role Based Access Control).

If you are admin, you can review access directly from the Audit menu, here is a screenshot:

[screenshot]

Look for the function trace inside the file ee/api/chalicelib/core/traces.py.

Hope it answers your question.

amirouche, Dec 11 '23 09:12

So let me explain myself more. In our infrastructure there are a lot of different services. I am responsible for collecting their audit logs and storing them in Elasticsearch; that way we can easily follow a suspicious user's actions across all of our infrastructure. That would be hard if I had to log in to each and every service from its UI and look for the trace. Please take a look at this page to see what I mean by having the audit logs. With this approach I can easily collect logs and store them wherever I want. After that I can set some alerts on top of the collected logs. This is my requirement, and it would be very good to have this feature in openreplay-ui, because, as I said, OpenReplay sessions may contain sensitive data and we need to be aware when unauthorized access is even attempted. This OWASP article about logs should be helpful.

mehrdad-khojastefar, Dec 18 '23 15:12

@amirouche Any thoughts ?

mehrdad-khojastefar, Jan 29 '24 07:01

Thanks for the ping, I missed the previous comment.

collect logs and store them wherever I want. After that I can set some alerts on top of the collected logs.

For programmatic use, you need to read the PostgreSQL table traces, and possibly rely on the created_at column in a script that you will create to copy the audit trail logs to your Elasticsearch cluster. Here are the interesting code snippets from the api service in EE: https://github.com/openreplay/openreplay/blob/3ada6aeb42630067fe6586382a5219e9069bfaf8/ee/api/chalicelib/core/traces.py#L73-L81

Here is the schema of the table traces:

https://github.com/openreplay/openreplay/blob/3ada6aeb42630067fe6586382a5219e9069bfaf8/ee/scripts/schema/db/init_dbs/postgresql/init_schema.sql#L1274-L1287

If you do not want to connect directly to PostgreSQL, we can consider adding a webhook.

Please take a look at this page to see what I mean by having the audit logs

Is "Audit Trail Log File Format" from JFrog standard in any way?

Let me know what you think.

amirouche, Jan 29 '24 10:01
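The export approach described in the comment above (poll the EE traces table, use created_at as a watermark, ship the rows to Elasticsearch as JSON) as an added example. This is not OpenReplay's own code. The column names user_id, tenant_id, action, method, path_format and status are assumptions about the traces schema (only created_at is named in the thread); check them against the linked init_schema.sql before use. The sample rows are constructed, and the demo runs against an in-memory SQLite table so it works offline; against PostgreSQL the same DB-API calls work with a psycopg2 connection and a `%s` placeholder.

```python
"""Incremental export of an audit table as JSON lines, driven by a created_at
watermark. Added example, not OpenReplay project code; column names other
than created_at are assumptions about the EE `traces` table."""
import json
import sqlite3
from typing import Any, Dict, List, Optional, Set, Tuple

# Assumed column set (verify against ee/scripts/schema/.../init_schema.sql).
COLUMNS = ["user_id", "tenant_id", "action", "method", "path_format", "status", "created_at"]


def fetch_traces_since(conn, watermark: Optional[str], placeholder: str = "?") -> List[Dict[str, Any]]:
    """Rows with created_at >= watermark, oldest first.

    `>=` rather than `>` so that several rows sharing the boundary timestamp
    (audit writes are not unique per second) are never skipped; the caller
    removes the ones it already shipped. Works with sqlite3 and psycopg2
    cursors alike; pass placeholder="%s" for psycopg2.
    """
    cols = ", ".join(COLUMNS)
    cur = conn.cursor()
    if watermark is None:
        cur.execute(f"SELECT {cols} FROM traces ORDER BY created_at")
    else:
        cur.execute(f"SELECT {cols} FROM traces WHERE created_at >= {placeholder} ORDER BY created_at",
                    (watermark,))
    return [dict(zip(COLUMNS, r)) for r in cur.fetchall()]


def row_key(row: Dict[str, Any]) -> str:
    # The table is assumed to have no primary key, so dedupe on full content.
    # Two byte-identical rows at the same timestamp would collapse into one.
    return json.dumps(row, sort_keys=True, default=str)


def export_batch(conn, state: Dict[str, Any]) -> Tuple[List[str], Dict[str, Any]]:
    """Return (ndjson_lines, new_state).

    state = {"watermark": last created_at shipped or None,
             "seen": set of row_key() values already shipped at that timestamp}
    Persist the returned state between runs (file, KV store) so that a crash
    mid-way re-ships at most the rows of one timestamp, never loses any.
    """
    lines: List[str] = []
    new_wm = state["watermark"]
    seen: Set[str] = set(state["seen"])
    for row in fetch_traces_since(conn, state["watermark"]):
        key, ts = row_key(row), row["created_at"]
        if ts == state["watermark"] and key in state["seen"]:
            continue  # shipped in the previous batch at the boundary timestamp
        if ts != new_wm:
            new_wm, seen = ts, set()  # moved past the boundary, reset dedupe set
        seen.add(key)
        # One JSON object per line: directly usable as an Elasticsearch _bulk body
        # or as a file for Filebeat/Logstash to tail.
        lines.append(json.dumps({"source": "openreplay", **row}, sort_keys=True, default=str))
    return lines, {"watermark": new_wm, "seen": seen}


def denied_access(lines: List[str]) -> List[Dict[str, Any]]:
    """Toy alert rule: audit rows whose HTTP status is 401 or 403, i.e. an
    actor attempted something they were not authorised to do. The meaning of
    `status` is an assumption about the table."""
    events = [json.loads(l) for l in lines]
    return [e for e in events if e.get("status") in (401, 403)]


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the real traces table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE traces (user_id INTEGER, tenant_id INTEGER, action TEXT, "
                 "method TEXT, path_format TEXT, status INTEGER, created_at TEXT)")
    conn.executemany("INSERT INTO traces VALUES (?,?,?,?,?,?,?)", [
        (1, 1, "get_session", "GET", "/sessions/{id}", 200, "2024-01-29T10:00:00"),
        (2, 1, "get_session", "GET", "/sessions/{id}", 403, "2024-01-29T10:00:00"),
        (1, 1, "login", "POST", "/login", 200, "2024-01-29T10:00:05"),
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    batch, st = export_batch(db, {"watermark": None, "seen": set()})
    print("\n".join(batch))
    print("alerts:", denied_access(batch))
```

Run it on a schedule (cron, a sidecar) with the state persisted; the second run only picks up rows written after the stored watermark, including late rows that land on the same second as the boundary.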

Thanks for the response.

Is "Audit Trail Log File Format" from JFrog standard in any way?

Yes, it is pretty standard and complete and covers every aspect of user interactions with the JFrog system. On top of that, it is very comprehensive, so we can play with it in our pipeline and extract the information we need.

The idea of connecting to PostgreSQL should probably work, but I don't think this is the best approach, since almost every big project has some sort of audit trail support built in; I think OpenReplay itself should support it. Keep in mind that with OpenReplay's growing community and more production instances, this feature is a must.

As for the format of the audit trail, it can be anything, and it can also support multiple formats; the most used format is JSON.

mehrdad-khojastefar, Jan 29 '24 11:01