s3-proxy icon indicating copy to clipboard operation
s3-proxy copied to clipboard

Published 20 hours ago verified publisher icon oxyno-zeta

Handling method for storing audit log to somewhere

Open jeyraof opened this issue 1 year ago • 4 comments

(question) Im happy to find out this proejct. thank you.

In my environment, I have to remain some user(admin)'s activity on admin page to track abnormal usage. So I want to save this specified log to somewhere such as DB, STDOUT(need formatted) and so on.

Can I use Log feature for this?

jeyraof avatar Jan 19 '24 06:01 jeyraof

Hello,

There isn't such pages or admin view. Admins are the one that configure the project but there is nothing else. What are you looking for exactly ?

Regards,

oxyno-zeta avatar Jan 19 '24 07:01 oxyno-zeta

@oxyno-zeta I apologize for the delay in responding. I run a number of different admin tools. This time I needed to give non-developers access to S3, so I was looking around and came across S3Proxy and was checking to see if I could use it in my current environment. As with many admin tools (like retool), I want to keep a record of the users who use S3Proxy to cause different behaviors.

For example, a simple log:

A user renamed file A.
A user uploaded file B.
A user moved the location of file C to D.

or, structured data:

user,action,resource,some,when
A,rename,A,,2024-01-21 09:03:21
A,upload,B,,2024-01-21 09:03:22
A,move,C,D,2024-01-21 09:03:23

like this. This is what I wanted to call an audit log.

Thank you.

jeyraof avatar Jan 21 '24 11:01 jeyraof

@jeyraof : No worry :)

The project doesn't offer direct access to this format. Logs must be correlated to have this result.

Here is an example:

time="2024-01-21T22:11:08+01:00" level=info msg="OIDC User authenticated: user" client_ip="127.0.0.1:43018" http_method=GET http_proto=HTTP/1.1 http_scheme=http remote_addr="127.0.0.1:43018" req_id=0G0uaZFGZu-000001 uri="http://localhost:8080/mount/folder1/test.txt" user_agent=Go-http-client/1.1
time="2024-01-21T22:11:08+01:00" level=info msg="OIDC user user authorized" client_ip="127.0.0.1:43018" http_method=GET http_proto=HTTP/1.1 http_scheme=http remote_addr="127.0.0.1:43018" req_id=0G0uaZFGZu-000001 uri="http://localhost:8080/mount/folder1/test.txt" user_agent=Go-http-client/1.1
time="2024-01-21T22:11:08+01:00" level=info msg="request complete" client_ip="127.0.0.1:43018" http_method=GET http_proto=HTTP/1.1 http_scheme=http remote_addr="127.0.0.1:43018" req_id=0G0uaZFGZu-000001 resp_bytes_length=14 resp_elapsed_ms=4.60983 resp_status=200 uri="http://localhost:8080/mount/folder1/test.txt" user_agent=Go-http-client/1.1

As you can see, all logs are linked to a request id "req_id". You will have to correlate logs using "req_id" to see what a user have done.

Tell me if this isn't clear.

oxyno-zeta avatar Jan 21 '24 21:01 oxyno-zeta

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days

github-actions[bot] avatar Feb 22 '24 00:02 github-actions[bot]