Skip to main content

A simple python package to enable uniform audit logging

Project description

For a Django implementation (which uses this library) see https://github.com/Amsterdam/django-audit-log

DataPunt Audit Log

DataPunt Audit Log is a simple python package that provides a simple way to allow for uniform audit logs across all our applications.

The AuditLogger class can be provided with info and will log to stdout.

Eventually this logger wil run inside our docker containers. Filebeat will be used to read the audit logs from those containers, and will send them along to logstash, which in turn sends them to elastic.

Quick start

  1. Install using pip

    pip install datapunt_audit_log
    
  2. Add logs to your code

     AuditLogger()\
         .set_http_request(method='GET', url='https://localhost', user_agent='Test')\
         .info('This is a log message')\
         .send_log()
    

Basic Usage

The audit log is simple in its usage. There are several methods to set context-info regarding the request:

set_http_request(self, method: str, url: str, user_agent: str = '') -> 'AuditLogger'
set_http_response(self, status_code: int, reason: str, headers: dict = None) -> 'AuditLogger'
set_user(self, authenticated: bool, provider: str, email: str, roles: list = None, ip: str = '', realm: str = '') -> 'AuditLogger'
set_filter(self, object_name: str, kwargs: dict) -> 'AuditLogger'
set_results(self, results: list = None) -> 'AuditLogger'

Also, a log message and loglevel can be provided to indicate what the request is actually doing. This is done by calling one of the following methods:

debug(self, msg: str) -> 'AuditLogger'
info(self, msg: str) -> 'AuditLogger'
warning(self, msg: str) -> 'AuditLogger'
error(self, msg: str) -> 'AuditLogger'
critical(self, msg: str) -> 'AuditLogger'

Note that each of these methods returns self. We use an adaption of the builder pattern here to make the logger simple in use. It enables us to do:

AuditLogger()\
    .set_http_request(method='GET', url='https://localhost', user_agent='Test')\
    .info('This is a log message')\
    .send_log()

Context info

Although none of the methods are required before sending the log (you could even send an empty log), you are strongly urged to add as much info as possible before sending the log. This will eventually result in a complete audit log that contains the necessary details to perform proper auditing.

HTTP request

AuditLogger().set_http_request(self, method: str, url: str, user_agent: str = '') allows to provide more info about the HTTP request that has been executed.

This method will add the following details to the log:

"http_request": {
    "method": "get|post|head|options|etc..",
    "url": "https://datapunt.amsterdam.nl",
    "user_agent": "full browser user agent"
},

HTTP response

AuditLogger().set_http_response(self, status_code: int, reason: str, headers: dict = None) allows to provide more info detailing the HTTP response that was returned to the user.

This method will add the following details to the log:

"http_response": {
    "status_code": "http status code",
    "reason": "http status reason",
    "headers": {
      "key": "value"
}

User

AuditLogger().set_user(self, authenticated: bool, provider: str, email: str, roles: list = None, ip: str = '', realm: str = '') allows to provide details regarding the user that executed a specific request.

This method will add the following details to the log:

"user": {
    "authenticated": "True/False",
    "provider": "auth backend the user authenticated with",
    "realm": "optional realm when using keycloak or another provider",
    "email": "email of logged in user",
    "roles": "roles attached to the logged in user",
    "ip": "ip address"
}

Filter

AuditLogger().set_filter(self, object_name: str, kwargs: dict) allows to provide info on the requested type of object and the filters that have been used (a user searches for 'terms', which are matched on specific 'fields' of the 'object').

This method will add the following details to the log:

"filter": {
    "object": "Object name that is requested",
    "kwargs": {
        'fields': 'filter values',
        'more_fields': 'more filter values'
    }
}

Results

AuditLogger().set_results(self, results: list) allows to store what results have been returned to the user.

It is up to the developer to decide whether the amount of data that would be added here will become a burden instead of a blessing.

This method will add the following details to the log:

"results": {
    ...
  }

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

datapunt-audit-log-0.3.1.tar.gz (10.1 kB view details)

Uploaded Source

Built Distribution

datapunt_audit_log-0.3.1-py3-none-any.whl (10.2 kB view details)

Uploaded Python 3

File details

Details for the file datapunt-audit-log-0.3.1.tar.gz.

File metadata

  • Download URL: datapunt-audit-log-0.3.1.tar.gz
  • Upload date:
  • Size: 10.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.4.0 requests-toolbelt/0.9.1 tqdm/4.40.2 CPython/3.6.8

File hashes

Hashes for datapunt-audit-log-0.3.1.tar.gz
Algorithm Hash digest
SHA256 930b270dab64543a477bfffb1bfd6607788d8662ae6dbf0c89577e4a5700c810
MD5 b9657e44ff47e6032d44056cf31f0b5e
BLAKE2b-256 8fb01617a36b507e367c5681759aac06c4bcb5cf3989eebb1626905d73201efd

See more details on using hashes here.

File details

Details for the file datapunt_audit_log-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: datapunt_audit_log-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 10.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.4.0 requests-toolbelt/0.9.1 tqdm/4.40.2 CPython/3.6.8

File hashes

Hashes for datapunt_audit_log-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 d7f8375d2adde33a944783b5290670ce7b71c4e9583da7079753c5edb82a2675
MD5 11c27a634a7059e912fc50e450b4bd3f
BLAKE2b-256 27d85f5259020d2f80f74be6c91e7a075813b85e6d05fc002d9a129aa467606c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page