Introduction / FirstSpirit Server configuration / Additional security measures / Audit logging (Log4j2)
Audit logging in FirstSpirit
Table of contents |
To ensure that FirstSpirit Servers operate securely and without any problems, audit functions can be added to the FirstSpirit logging, enabling suspicious activities to be traced and assigned in order to prevent permissions being misused.
Logged activities
The following activities can be tracked:
- Creating / deleting projects
- Creating / deleting users
- Creating / deleting groups
- Adding users to / removing users from a project
- Installing / updating / deleting modules
- Creating / updating / deleting schedule entries (globally and for a specific project)
- Creating / updating / deleting action templates (globally and for a specific project)
Log levels
There are three log levels that can be output: INFO, DEBUG, and TRACE.
- INFO: General output of who has made which change where. The “who” is defined by the user name, the user ID, and the session context.
- DEBUG: This log level also provides an easy to understand, simple comparison view of the changes.
- TRACE: This outputs all the modified configurations in full. Changes are highlighted so they are easy to spot.
Enabling audit logging
Audit logging is disabled by default, but can be activated in fs-server.conf by setting the parameter audit.logging.enabled=true. Once enabled, audit logging is persistently stored in the fs-server.log file by default. Audit logging behavior should be adjusted using the Log4j configuration within fs-logging.xml ( see Logging configuration).
Basic audit logging cofiguration example
Example configuration of basic audit logging at the DEBUG level with an output in fs-audit.log:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN" packages="de.espirit.firstspirit.server.logging">
<Appenders>
<!-- dated logging is used by server monitoring for log file display -->
<File name="audit" fileName="d:/firstspirit/log/fs-audit.log" bufferedIO="true" immediateFlush="true" append="true">
<PatternLayout>
<pattern>%d{DEFAULT} %p %C{10} [%t] %m %n</pattern>
</PatternLayout>
</File>
<FsAppender name="fs" consoleLogging="false" plainLogging="true"
datedLogging="true" maxFileSize="5MB" buffer="8192" flushCycle="10"/>
</Appenders>
<Loggers>
<Logger name="de.espirit.firstspirit.logging.audit" level="DEBUG" additivity="false">
<AppenderRef ref="audit"/>
</Logger>
<Logger name="org.eclipse.jetty" level="WARN" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Logger name="org.apache" level="WARN" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Logger name="org.apache.log4j.jmx" level="ERROR" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Logger name="de.espirit.firstspirit.server.ExecutionManagerImpl" level="INFO" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Logger name="httpclient.wire" level="INFO" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Logger name="org.apache.commons.httpclient" level="INFO" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Logger name="org.apache.http" level="INFO" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Logger name="org.apache.http.impl.execchain.RetryExec" level="WARN" additivity="false">
<AppenderRef ref="fs"/>
</Logger>
<Root level="INFO">
<AppenderRef ref="fs"/>
</Root>
</Loggers>
</Configuration>
Exemplary audit logging entry
An exemplary logging entry at the INFO level when members of a project group are changed could look like this:
INFO 2018-07-10 08:34:50,443 (de.espirit.firstspirit.logging.audit.ProjectDTOLogger)
Benutzername ( id: 5471 ) changed project properties for
{ project : Mithras ; id : 296791 }
172.17.16.206 (fsSession=877290240094464842, fsLogin=FirstSpiritLogin,
session=SystemUser, client=Windows 10 10.0 amd64
(Java(TM) SE Runtime Environment 1.8.0_171-b11))
Accessing log files via ServerMonitoring
The audit log files can be downloaded via the FirstSpirit ServerMonitoring. To do this, start said ServerMonitoring, and click “File download” under FirstSpirit / Configuration / System (as seen on the Screenshot). Now open the directory log and pick the desired log file.
To be able to download log files as mentioned before, they have to be inside the FirstSpirit log directory. This can be configured accordingly by the Log4J settings in the fs-logging.xml file. |