Audit Logging

Introduction

The SSoB Audit implementation deploys the Audit Common Service, which requires the FluentD service to be available in the cluster. Auditing is enabled by a flag set at deployment time, as required. Audit logging covers selected events of type monitor, activity and control. Internal components make HTTP calls to the SSoB Audit Common Service to register these events.

Audit data format:

SSoB follows the CADF format to record audit events.

This standard provides all-round information about the event that occurred, such as:

  • initiator (who),

  • target (on what),

  • observer (from/to where),

  • action (what),

  • outcome (result),

  • timestamp (when), etc.

SSoB Audit Common Service:

Deployment and Binding:

The audit service uses the custom binding secret k5-auditlog-settings for deployment, along with other infrastructure secrets. This secret contains the connectionString, which should contain the internal URL of the deployed FluentD service. The secret can be read or updated using the k5-configurator endpoints.

Implementation:

The audit service receives the audit log in the API request body and validates it. It then invokes the configured FluentD service URL with the audit payload for log collection, from where the payload goes on to the configured visualizer. If the FluentD service is down or unavailable, the audit payload is stored in log files within the audit service container.
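The CADF fields listed under "Audit data format" and the validate, forward and fall-back-to-file flow described above can be sketched as follows. This is an added example, not SSoB code: the function names, the `send` callable standing in for the HTTP call to FluentD, the spool path and the sample event are assumptions, and the checks cover only the core CADF properties rather than the service's actual validation rules.

```python
import json
from datetime import datetime
EVENT_TYPES = {"monitor", "activity", "control"}
OUTCOMES = {"success", "failure", "unknown", "pending"}
REQUIRED = ("typeURI", "id", "eventType", "eventTime", "action", "outcome",
            "initiator", "target", "observer")

def validate_cadf(event):
    """Return a list of problems; an empty list means the event is acceptable."""
    errors = [f"missing {k}" for k in REQUIRED if not event.get(k)]
    if event.get("eventType") and event["eventType"] not in EVENT_TYPES:
        errors.append("eventType must be monitor, activity or control")
    if event.get("outcome") and event["outcome"] not in OUTCOMES:
        errors.append("unknown outcome")
    for role in ("initiator", "target", "observer"):
        res = event.get(role)
        if res and not (isinstance(res, dict) and res.get("id")):
            errors.append(f"{role} needs an id")
    if event.get("eventTime"):
        try:
            datetime.fromisoformat(str(event["eventTime"]).replace("Z", "+00:00"))
        except ValueError:
            errors.append("eventTime is not ISO 8601")
    return errors

def deliver(event, send, spool_path):
    """Validate, then forward via send(payload); spool locally if the collector is down."""
    errors = validate_cadf(event)
    if errors:
        return "rejected", errors
    payload = json.dumps(event, sort_keys=True)
    try:
        send(payload)
        return "forwarded", []
    except OSError as exc:  # ConnectionError and timeouts are OSError subclasses
        with open(spool_path, "a", encoding="utf-8") as fh:
            fh.write(payload + "\n")  # one JSON event per line for later replay
        return "spooled", [str(exc)]

# Constructed sample event; identifiers and resource types are illustrative only.
SAMPLE = {
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
    "id": "evt-0001", "eventType": "activity",
    "eventTime": "2024-01-01T10:00:00+00:00",
    "action": "update", "outcome": "success",
    "initiator": {"id": "user-123", "typeURI": "data/security/account/user"},
    "target": {"id": "config-42", "typeURI": "data/config"},
    "observer": {"id": "audit-service", "typeURI": "service/security"},
}
```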