summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2018-10-18 23:36:46 +0000
committerStan Hu <stanhu@gmail.com>2018-10-18 23:36:46 +0000
commitc094bdb8206322eff5cdc6c22b9eafa08ff3bd2d (patch)
treed492cd74cc697bfc13ad1d4b4c29d25a7a12c4b9
parent62d8b9062025b986f489b5cd9bf5fbe44c14363b (diff)
parent143d0e26664e85be9382d1b1f8e99ead96e5d642 (diff)
downloadgitlab-ce-c094bdb8206322eff5cdc6c22b9eafa08ff3bd2d.tar.gz
Merge branch 'sh-add-audit-logging-json-ce' into 'master'
Add support for JSON logging for audit events See merge request gitlab-org/gitlab-ce!22471
-rw-r--r--app/services/audit_event_service.rb26
-rw-r--r--changelogs/unreleased/sh-add-audit-logging-json-ce.yml5
-rw-r--r--doc/administration/logs.md14
-rw-r--r--lib/gitlab/audit_json_logger.rb9
-rw-r--r--spec/services/audit_event_service_spec.rb26
5 files changed, 76 insertions, 4 deletions
diff --git a/app/services/audit_event_service.rb b/app/services/audit_event_service.rb
index 4c5e22bdd7e..201048aaba5 100644
--- a/app/services/audit_event_service.rb
+++ b/app/services/audit_event_service.rb
@@ -17,11 +17,29 @@ class AuditEventService
end
def security_event
- SecurityEvent.create(
+ log_security_event_to_file
+ log_security_event_to_database
+ end
+
+ private
+
+ def base_payload
+ {
author_id: @author.id,
entity_id: @entity.id,
- entity_type: @entity.class.name,
- details: @details
- )
+ entity_type: @entity.class.name
+ }
+ end
+
+ def file_logger
+ @file_logger ||= Gitlab::AuditJsonLogger.build
+ end
+
+ def log_security_event_to_file
+ file_logger.info(base_payload.merge(@details))
+ end
+
+ def log_security_event_to_database
+ SecurityEvent.create(base_payload.merge(details: @details))
end
end
diff --git a/changelogs/unreleased/sh-add-audit-logging-json-ce.yml b/changelogs/unreleased/sh-add-audit-logging-json-ce.yml
new file mode 100644
index 00000000000..3c0a27da269
--- /dev/null
+++ b/changelogs/unreleased/sh-add-audit-logging-json-ce.yml
@@ -0,0 +1,5 @@
+---
+title: Add support for JSON logging for audit events
+merge_request: 22471
+author:
+type: added
diff --git a/doc/administration/logs.md b/doc/administration/logs.md
index a8cdd20581d..0e41a38b7e2 100644
--- a/doc/administration/logs.md
+++ b/doc/administration/logs.md
@@ -144,6 +144,20 @@ December 03, 2014 13:20 -> ERROR -> Command failed [1]: /usr/bin/git --git-dir=/
error: failed to push some refs to '/Users/vsizov/gitlab-development-kit/repositories/gitlabhq/gitlab_git.git'
```
+## `audit_json.log`
+
+This file lives in `/var/log/gitlab/gitlab-rails/audit_json.log` for
+Omnibus GitLab packages or in `/home/git/gitlab/log/audit_json.log` for
+installations from source.
+
+Changes to group or project settings are logged to this file. For example:
+
+```json
+{"severity":"INFO","time":"2018-10-17T17:38:22.523Z","author_id":3,"entity_id":2,"entity_type":"Project","change":"visibility","from":"Private","to":"Public","author_name":"John Doe4","target_id":2,"target_type":"Project","target_details":"namespace2/project2"}
+{"severity":"INFO","time":"2018-10-17T17:38:22.830Z","author_id":5,"entity_id":3,"entity_type":"Project","change":"name","from":"John Doe7 / project3","to":"John Doe7 / new name","author_name":"John Doe6","target_id":3,"target_type":"Project","target_details":"namespace3/project3"}
+{"severity":"INFO","time":"2018-10-17T17:38:23.175Z","author_id":7,"entity_id":4,"entity_type":"Project","change":"path","from":"","to":"namespace4/newpath","author_name":"John Doe8","target_id":4,"target_type":"Project","target_details":"namespace4/newpath"}
+```
+
## `sidekiq.log`
This file lives in `/var/log/gitlab/gitlab-rails/sidekiq.log` for
diff --git a/lib/gitlab/audit_json_logger.rb b/lib/gitlab/audit_json_logger.rb
new file mode 100644
index 00000000000..12e0645f3e4
--- /dev/null
+++ b/lib/gitlab/audit_json_logger.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Gitlab
+ class AuditJsonLogger < Gitlab::JsonLogger
+ def self.file_name_noext
+ 'audit_json'
+ end
+ end
+end
diff --git a/spec/services/audit_event_service_spec.rb b/spec/services/audit_event_service_spec.rb
new file mode 100644
index 00000000000..32fd98e6ef9
--- /dev/null
+++ b/spec/services/audit_event_service_spec.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe AuditEventService do
+ let(:project) { create(:project) }
+ let(:user) { create(:user) }
+ let(:project_member) { create(:project_member, user: user) }
+ let(:service) { described_class.new(user, project, { action: :destroy }) }
+ let(:logger) { instance_double(Gitlab::AuditJsonLogger) }
+
+ describe '#security_event' do
+ before do
+ expect(service).to receive(:file_logger).and_return(logger)
+ end
+
+ it 'creates an event and logs to a file' do
+ expect(logger).to receive(:info).with(author_id: user.id,
+ entity_id: project.id,
+ entity_type: "Project",
+ action: :destroy)
+
+ expect { service.security_event }.to change(SecurityEvent, :count).by(1)
+ end
+ end
+end