Comments (7)
Thanks for the response.
Is "Audit Trail Log File Format" from jfrog standard in anyway?
Yes, it is pretty standard and complete and covers every aspect of user interactions with the jfrog system. Upon that it is very comprehensive so we can play with it in our pipeline and extract the information we need.
The idea of connecting to postgresql should properly work but I don't think this is the best approach since almost every big project has some sort of audit trailing support inside of it I think the openreplay itself should support it.
Keep in mind that with the openreplay's growing community and more production instances this feature is a must.
For the format of the audit trail it can be anything and it can also support multiple formats, the most used format is json.
from openreplay.
This is available in ee edition, see the directory ee/
Closing duplicate the feature is already implemented.
from openreplay.
thanks for the response, but I couldn't find any logic that shows it saves the audit in a file or log it to the stdout. showing them on the admin dashboard is one thing and having the logs collected is another, could you please provide some more information since I couldn't find any, digging documents and code.
from openreplay.
Spoiler: I am new to the project. I will try to be accurate.
Accessing user recorded sessions can be very dangerous and I would love to have the auditing of the system under my control and have one or two alerts on it.
No everybody can access all replays, of all projects. There are ACLs based on RBAC (Role Based Access Control).
If you are admin, you can review access directly from the Audit menu, here is a screenshot:
Look for the function trace
inside the file ee/api/chalicelib/core/traces.py
.
Hope it answer your question.
from openreplay.
So let me explain myself more.
In our infrastructure there are a lot of different services. I am responsible for collecting their audit logs and store them in elasticsearch, that way we can easily follow a suspicious user actions across all of our infrastructure.
That would be hard if I had to login to each and every service from their UI and look for the trace.
Please take a look at this page to see what I mean by having the audit logs
With this approach I can easily collect logs and store them wherever I want. After that I can set some alerts on top of the collected logs.
This is my requirement and it would be very good to have this feature in the openreplay-ui, becase as I said openreplay sessions may contain sensetive data and we need to be aware when an unauthorized access even tried to be achieved.
This owasp article about Logs should be helpful.
from openreplay.
@amirouche Any thoughts ?
from openreplay.
Thanks for the ping, I missed the previous comment.
collect logs and store them wherever I want. After that I can set some alerts on top of the collected logs.
For programmatic use, you need to read the postgresql table traces
, and possibly rely on created_at
column in a script that you will create to copy the audit trail logs to your elatissearch cluster. Here is the interesting code snippets from api service in ee:
openreplay/ee/api/chalicelib/core/traces.py
Lines 73 to 81 in 3ada6ae
Here is the schema of the table traces
:
openreplay/ee/scripts/schema/db/init_dbs/postgresql/init_schema.sql
Lines 1274 to 1287 in 3ada6ae
If you do not want to connect directly to postgresql, we can consider adding a webhook.
Please take a look at this page to see what I mean by having the audit logs
Is "Audit Trail Log File Format" from jfrog standard in anyway?
Let me know what you think.
from openreplay.
Related Issues (20)
- Tracker - Aborted request raise exception HOT 2
- Install fails with not being able to pull storage-openreplay image HOT 2
- Network Sanitizer type does not allow to return `null` HOT 2
- Error while caching asset "NotImplemented: Header 'x-amz-tagging' with value 'retention=default' not implemented" HOT 1
- Font & style assets are not being downloaded from external storage (Cloudflare R2) when viewing them in the browser HOT 2
- Older recordings are not playable after configuring external storage (session not found error)
- xhrProxy silently failing when passed URL object HOT 1
- Broken Layout While Playing Record As Configure S3 External Storage HOT 8
- Compilation Error with create-react-app HOT 2
- Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'length') at fetchProxy.js HOT 3
- Support `S3_Prefix` for S3 external storage
- Internal @openreplay/tracker bug: `Uncaught (in promise) TypeError: .for is not iterable` HOT 9
- Add custom events to api events call
- sourcemap-uploader command results in eisdir error HOT 1
- Deploy to K8S 2024/04/29 09:18:50 /root/cmd/ender/main.go:40: can't init postgres connection: pgxpool.Connect error: failed to connect to `host=/tmp user=post database=`: dial error (dial unix /tmp/.s.PGSQL.5432: connect: no such file or directory) HOT 1
- Docker installation failed HOT 3
- Calling GET on `/api/health` makes chalice unresponsive, resulting Liveness probe fail and restart HOT 1
- Optional Chaining Breaks Build of NextJS React App Using Latest Tracker v12.0.12 HOT 4
- Helm Standalone Package - Infrastructure as Code (Argo CD) HOT 2
- Allow using existing secret in charts HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openreplay.