commit | 1d0cff17c2727f5ff3c06ec6b377a6f8c1f67fd6 | [log] [tgz] |
---|---|---|
author | Luca Milanesio <luca.milanesio@gmail.com> | Wed Oct 19 23:38:21 2022 +0100 |
committer | Luca Milanesio <luca.milanesio@gmail.com> | Wed Oct 19 23:38:21 2022 +0100 |
tree | f95d7abcf14e509b29556d1f68cd7bf8169d7f77 | |
parent | 30386f82fd0a29ac7d74f186948c7e413166e7fb [diff] | |
parent | 002edf575c84675fbf4208b0f9ba643992e88c84 [diff] |
Merge branch 'stable-3.3' * stable-3.3: Add missing @Override to SSHLog.toAuditLog Fix config.md keys using @PLUGIN@ placeholder Revert "Remove getCacheKey() from AuditUser" Change-Id: I9ca77f1ae443b81f13d5b59ad473a6050ab52624
Plug into the Gerrit Code Review audit extension and format and forward all the events to an SLF4J appender, the same logging system used internally for the generation of all logs..
Audit events are by default stored into the Gerrit error_log under the appender com.googlesource.gerrit.plugins.auditsl4j.LoggerAudit
. However, it is possible to generate a separate audit file and having the audit records formatted into CSV or JSON.
For more details, see the configuration guide in the plugin.
Audits leave an immutable trace of what happened on Gerrit and allows to answer the question “who did what and when?”.
When aggregated by time, project or user, can give an overall figure on how much the system is utilized and allow to make a better planning of the hardware resources allocation and planning the downtimes to reduce the impact on the people and projects.
Gerrit stream events are triggered on Git-related operations and reviews, but do not cover most of the actions that happen on Gerrit and do not include all the system information that is typically needed for audit-trail purposes.
Furthermore, stream events are designed to be consumed in near-real-time while audits, are typically archived and consumed off-line.
The format of Gerrit audits changes across the different releases because they reflect the internal representation of the Java objects in memory.
They share an overall basic structure:
Example audit of a login from a Git client over SSH:
{ "type": "SshAuditEvent", "event": { "session_id": "0261c43e", "who": { "account_id": { "id": 1011575 }, "access_path": "GIT", "last_login_external_id_property_key": {} }, "when": 1539561891898, "what": "LOGOUT", "params": {}, "result": "0", "time_at_start": 1539561891898, "elapsed": 0, "uuid": { "uuid": "audit:f135cb10-59be-4087-a9e0-571680b93a59" } } }
Example audit of a Gerrit changes query over SSH:
{ "type": "SshAuditEvent", "event": { "session_id": "22688824", "who": { "account_id": { "id": 1011203 }, "access_path": "SSH_COMMAND", "last_login_external_id_property_key": {} }, "when": 1539561891503, "what": "gerrit.query.--format.json.--current-patch-set.project:mycompany/myproject commit:798b22fcf3614e8575e0ef23019a9706b8acebcc NOT is:draft", "params": {}, "result": "0", "time_at_start": 1539561891503, "elapsed": 3, "uuid": { "uuid": "audit:171a9b6f-327a-40a2-9b66-c47a39eba68c" } } }
The makes available an ssh command to transform http_logs
and ssh_logs
into Audit Logs:
ssh -p 29418 admin@localhost audit-sl4j transform --from 2019-01-23 --until 2019-01-24