commit | 6bb712ec5d9d037b12013b3f80ba2ddff75bde28 | [log] [tgz] |
---|---|---|
author | Fabio Ponciroli <ponch78@gmail.com> | Wed Nov 21 10:36:52 2018 +0100 |
committer | Fabio Ponciroli <ponch78@gmail.com> | Wed Nov 21 09:43:01 2018 +0000 |
tree | 5bc7e3ea0b4879ddbe8b8e4763ce2e8d2562605a | |
parent | 2e2b3d94341362362896ab97813e4c16448d297c [diff] |
Remove unneeded RpcAuditEvent RpcAuditEvent are no more used in Gerrit since the GWT UI has been removed (https://gerrit-review.googlesource.com/c/gerrit/+/204940). No need to audit them anymore. Bug: Issue 10072 Change-Id: I523d0169e1e51baf43ab9593cec328c046de48c5
Plug into the Gerrit Code Review audit extension and format and forward all the events to an SLF4J appender, the same logging system used internally for the generation of all logs..
Audit events are by default stored into the Gerrit error_log under the appender com.googlesource.gerrit.plugins.auditsl4j.LoggerAudit
. However, it is possible to generate a separate audit file and having the audit records formatted into CSV or JSON.
For more details, see the configuration guide in the plugin.
Audits leave an immutable trace of what happened on Gerrit and allows to answer the question “who did what and when?”.
When aggregated by time, project or user, can give an overall figure on how much the system is utilized and allow to make a better planning of the hardware resources allocation and planning the downtimes to reduce the impact on the people and projects.
Gerrit stream events are triggered on Git-related operations and reviews, but do not cover most of the actions that happen on Gerrit and do not include all the system information that is typically needed for audit-trail purposes.
Furthermore, stream events are designed to be consumed in near-real-time while audits, are typically archived and consumed off-line.
The format of Gerrit audits changes across the different releases because they reflect the internal representation of the Java objects in memory.
They share an overall basic structure:
Example audit of a login from a Git client over SSH:
{ "type": "SshAuditEvent", "event": { "session_id": "0261c43e", "who": { "account_id": { "id": 1011575 }, "access_path": "GIT", "last_login_external_id_property_key": {} }, "when": 1539561891898, "what": "LOGOUT", "params": {}, "result": "0", "time_at_start": 1539561891898, "elapsed": 0, "uuid": { "uuid": "audit:f135cb10-59be-4087-a9e0-571680b93a59" } } }
Example audit of a Gerrit changes query over SSH:
{ "type": "SshAuditEvent", "event": { "session_id": "22688824", "who": { "account_id": { "id": 1011203 }, "access_path": "SSH_COMMAND", "last_login_external_id_property_key": {} }, "when": 1539561891503, "what": "gerrit.query.--format.json.--current-patch-set.project:mycompany/myproject commit:798b22fcf3614e8575e0ef23019a9706b8acebcc NOT is:draft", "params": {}, "result": "0", "time_at_start": 1539561891503, "elapsed": 3, "uuid": { "uuid": "audit:171a9b6f-327a-40a2-9b66-c47a39eba68c" } } }