Added fields to ACL LOG error entries for precise time logging (#11477)

Added 3 fields to the ACL LOG - adds entry_id, timestamp_created and timestamp_last_updated, which updates similar existing log error entries. The pair - entry_id, timestamp_created is a unique identifier of this entry, in case the node dies and is restarted, it can detect that if it's a new series. The primary use case of Unique id is to uniquely identify the error messages and not to detect if the server has restarted. entry-id is the sequence number of the entry (starting at 0) since the server process started. Can also be used to check if items were "lost" if they fell between periods. timestamp-created is the unix-time in ms at the time the entry was first created. timestamp-last-updated is the unix-time in ms at the time the entry was last updated Time_created gives the absolute time which better accounts for network time as compared to time since. It can also be older than 60 secs and presently there is no field that can display the original time of creation once the error entry is updated. The reason of timestamp_last_updated field is that it provides a more precise value for the “last time” an error was seen where as, presently it is only in the 60 second period. Co-authored-by: Madelyn Olson <madelyneolson@gmail.com>
author: Roshan Khatri <117414976+roshkhatri@users.noreply.github.com> 2023-02-02 12:12:16 -0800
committer: GitHub <noreply@github.com> 2023-02-02 12:12:16 -0800
commit: ac3129543882bdb6e17c2953ec2be7c98ef840ba (patch)
tree: f5cfc74e209fcd7141b02d5edfe19eba28a4532c /src/acl.c
parent: 3b260149e0996b8ee12510b0b9508bca56743269 (diff)
download: redis-ac3129543882bdb6e17c2953ec2be7c98ef840ba.tar.gz
1 files changed, 15 insertions, 1 deletions
diff --git a/src/acl.c b/src/acl.c
index ba6b20716..6773403bd 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -53,6 +53,8 @@ list *UsersToLoad;  /* This is a list of users found in the configuration file
 list *ACLLog;       /* Our security log, the user is able to inspect that
                        using the ACL LOG command .*/
 
+long long ACLLogEntryCount = 0; /* Number of ACL log entries created */
+
 static rax *commandId = NULL; /* Command name to id mapping */
 
 static unsigned long nextid = 0; /* Next command id that has not been assigned */
@@ -2433,6 +2435,9 @@ typedef struct ACLLogEntry {
     sds username;       /* User the client is authenticated with. */
     mstime_t ctime;     /* Milliseconds time of last update to this entry. */
     sds cinfo;          /* Client info (last client if updated). */
+    long long entry_id;         /* The pair (entry_id, timestamp_created) is a unique identifier of this entry 
+                                  * in case the node dies and is restarted, it can detect that if it's a new series. */
+    mstime_t timestamp_created; /* UNIX time in milliseconds at the time of this entry's creation. */
 } ACLLogEntry;
 
 /* This function will check if ACL entries 'a' and 'b' are similar enough
@@ -2498,6 +2503,8 @@ void addACLLogEntry(client *c, int reason, int context, int argpos, sds username
     le->reason = reason;
     le->username = sdsdup(username ? username : c->user->name);
     le->ctime = commandTimeSnapshot();
+    le->entry_id = ACLLogEntryCount;
+    le->timestamp_created = le->ctime;
 
     if (object) {
         le->object = object;
@@ -2550,6 +2557,7 @@ void addACLLogEntry(client *c, int reason, int context, int argpos, sds username
     } else {
         /* Add it to our list of entries. We'll have to trim the list
          * to its maximum size. */
+        ACLLogEntryCount++; /* Incrementing the entry_id count to make each record in the log unique. */
         listAddNodeHead(ACLLog, le);
         while(listLength(ACLLog) > server.acllog_max_len) {
             listNode *ln = listLast(ACLLog);
@@ -2884,7 +2892,7 @@ void aclCommand(client *c) {
         mstime_t now = commandTimeSnapshot();
         while (count-- && (ln = listNext(&li)) != NULL) {
             ACLLogEntry *le = listNodeValue(ln);
-            addReplyMapLen(c,7);
+            addReplyMapLen(c,10);
             addReplyBulkCString(c,"count");
             addReplyLongLong(c,le->count);
 
@@ -2919,6 +2927,12 @@ void aclCommand(client *c) {
             addReplyDouble(c,age);
             addReplyBulkCString(c,"client-info");
             addReplyBulkCBuffer(c,le->cinfo,sdslen(le->cinfo));
+            addReplyBulkCString(c, "entry-id");
+            addReplyLongLong(c, le->entry_id);
+            addReplyBulkCString(c, "timestamp-created");
+            addReplyLongLong(c, le->timestamp_created);
+            addReplyBulkCString(c, "timestamp-last-updated");
+            addReplyLongLong(c, le->ctime);
         }
     } else if (!strcasecmp(sub,"dryrun") && c->argc >= 4) {
         struct redisCommand *cmd;
author	Roshan Khatri <117414976+roshkhatri@users.noreply.github.com>	2023-02-02 12:12:16 -0800
committer	GitHub <noreply@github.com>	2023-02-02 12:12:16 -0800
commit	ac3129543882bdb6e17c2953ec2be7c98ef840ba (patch)
tree	f5cfc74e209fcd7141b02d5edfe19eba28a4532c /src/acl.c
parent	3b260149e0996b8ee12510b0b9508bca56743269 (diff)
download	redis-ac3129543882bdb6e17c2953ec2be7c98ef840ba.tar.gz