| commit | c5ef3aa5e5770f138dc5a198fe54a1d77df62cf6 | [log] [tgz] |
|---|---|---|
| author | Filip Stefanov <ph.stefanov@gmail.com> | Fri Aug 30 11:38:12 2024 +0000 |
| committer | Filip Stefanov <ph.stefanov@gmail.com> | Fri Aug 30 13:06:57 2024 +0000 |
| tree | 975296b3438e64a80afaaba5ed73881d2d2c69ec | |
| parent | d29774886c50f331aba810e57f203830657253e4 [diff] |
Fix errorprone for SshModule Summary: Reference https://gerrit-review.googlesource.com/c/gerrit/+/400622 See https://errorprone.info/bugpattern/MutableGuiceModule Test Plan: Before: public class SshModule extends PluginCommandModule { required: String found: no arguments reason: actual and formal argument lists differ in length Target //plugins/audit-sl4j:audit-sl4j failed to build ERROR: Build did NOT complete successfully After: bazelisk build --verbose_failures audit-sl4j:audit-sl4j Target //plugins/audit-sl4j:audit-sl4j up-to-date: bazel-bin/plugins/audit-sl4j/audit-sl4j.jar INFO: Elapsed time: 0.522s, Critical Path: 0.43s INFO: 5 processes: 1 internal, 3 linux-sandbox, 1 worker. INFO: Build completed successfully, 5 total actions Gerrit log: com.google.gerrit.server.plugins.PluginLoader Loaded plugin audit-sl4j, version v3.3.0-9-gd4b3a97 Change-Id: I8119e531156bb8920b61bc7afe8636d634f4b12e Signed-off-by: Filip Stefanov <fstefanov@mm-sol.com>
Plug into the Gerrit Code Review audit extension and format and forward all the events to an SLF4J appender, the same logging system used internally for the generation of all logs..
Audit events are by default stored into the Gerrit error_log under the appender com.googlesource.gerrit.plugins.auditsl4j.LoggerAudit. However, it is possible to generate a separate audit file and having the audit records formatted into CSV or JSON.
For more details, see the configuration guide in the plugin.
Audits leave an immutable trace of what happened on Gerrit and allows to answer the question “who did what and when?”.
When aggregated by time, project or user, can give an overall figure on how much the system is utilized and allow to make a better planning of the hardware resources allocation and planning the downtimes to reduce the impact on the people and projects.
Gerrit stream events are triggered on Git-related operations and reviews, but do not cover most of the actions that happen on Gerrit and do not include all the system information that is typically needed for audit-trail purposes.
Furthermore, stream events are designed to be consumed in near-real-time while audits, are typically archived and consumed off-line.
The format of Gerrit audits changes across the different releases because they reflect the internal representation of the Java objects in memory.
They share an overall basic structure:
Example audit of a login from a Git client over SSH:
{ "type": "SshAuditEvent", "event": { "session_id": "0261c43e", "who": { "account_id": { "id": 1011575 }, "access_path": "GIT", "last_login_external_id_property_key": {} }, "when": 1539561891898, "what": "LOGOUT", "params": {}, "result": "0", "time_at_start": 1539561891898, "elapsed": 0, "uuid": { "uuid": "audit:f135cb10-59be-4087-a9e0-571680b93a59" } } }
Example audit of a Gerrit changes query over SSH:
{ "type": "SshAuditEvent", "event": { "session_id": "22688824", "who": { "account_id": { "id": 1011203 }, "access_path": "SSH_COMMAND", "last_login_external_id_property_key": {} }, "when": 1539561891503, "what": "gerrit.query.--format.json.--current-patch-set.project:mycompany/myproject commit:798b22fcf3614e8575e0ef23019a9706b8acebcc NOT is:draft", "params": {}, "result": "0", "time_at_start": 1539561891503, "elapsed": 3, "uuid": { "uuid": "audit:171a9b6f-327a-40a2-9b66-c47a39eba68c" } } }
The makes available an ssh command to transform http_logs and ssh_logs into Audit Logs:
ssh -p 29418 admin@localhost audit-sl4j transform --from 2019-01-23 --until 2019-01-24