Audit and syslog lightning talk
Audit: data extractors, data generators and integration with Syslog
Iván Arroyo
Alfresco Developer
What is Alfresco Audit?
Data Producers
What is a data producer?
Data Producers
PathMapping
Application
• An application defines how data is mapped, extracted, and recorded without affecting data required by other applications
• The data generated by “data producers” is passed to the application through the path mappings
Audit Component
Data extractors and data generators
Data Generator
• A DataGenerator is a component that produces data without any input, i.e. data is produced when a data path is active, but is independent of the values at that path.
Data Extractor
• A DataExtractor is a component that uses input data to produce some output, either transforming the data or merely outputting the data verbatim.
AuditQuery
Query each audit application with a customizable query
Normal query (all results)
• curl -u <admin user>:<password> "http://<hostname>:<port>/alfresco/service/api/audit/query/<application name>?verbose=true"
Optional parameters
• forward (true|false): sort ascending (true) or descending (false) by date and time
• limit (true|false): limit the number of results
• toId: return results up to the specified ID
• value: the value to filter on
• fromTime/toTime: return results within the specified time interval (milliseconds)
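The query above restricted to a time window, as an added example that is not from the slides: it converts epoch seconds to the milliseconds that fromTime/toTime expect, validates the inputs, and reads credentials from a netrc file instead of passing them with -u on the command line. The function names, the base URL, the application name and the netrc path are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are hypothetical; host,
# application name and netrc path are placeholders supplied by the caller.

# Percent-encode every byte of $1 (always valid inside a query string).
urlencode() {
  printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n' | sed 's/../%&/g'
}

# Succeeds only for a non-empty string of decimal digits.
is_uint() {
  case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# audit_query_url BASE_URL APP FROM_EPOCH_SEC TO_EPOCH_SEC [VALUE]
audit_query_url() {
  base=$1; app=$2; from_s=$3; to_s=$4; value=${5-}
  # The application name lands in the URL path: allow a conservative set only.
  case "$app" in
    ''|*[!A-Za-z0-9._-]*) echo "bad application name" >&2; return 2 ;;
  esac
  if ! is_uint "$from_s" || ! is_uint "$to_s"; then
    echo "times must be epoch seconds" >&2; return 2
  fi
  if [ "$from_s" -gt "$to_s" ]; then
    echo "fromTime is after toTime" >&2; return 2
  fi
  # fromTime/toTime are milliseconds; `date +%s` yields seconds.
  url="$base/alfresco/service/api/audit/query/$app?verbose=true&forward=true"
  url="$url&fromTime=${from_s}000&toTime=${to_s}000"
  if [ -n "$value" ]; then
    url="$url&value=$(urlencode "$value")"
  fi
  printf '%s\n' "$url"
}

# audit_fetch NETRC_FILE BASE_URL APP FROM_EPOCH_SEC TO_EPOCH_SEC [VALUE]
# Credentials come from the netrc file, so the password never appears in argv.
audit_fetch() {
  netrc=$1; shift
  url=$(audit_query_url "$@") || return
  curl --fail --silent --show-error --netrc-file "$netrc" "$url"
}
```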
Unifying all of the above in an example
Modify the output of audited messages
• Why?
• Advantages and disadvantages
What is Syslog?
Syslog configuration
• Configuration file: /etc/syslog.conf
1. Facilities
2. Log File
Log4j: syslog appender and additivity
log4j.properties (appender)
# Appender that forwards log events to the syslog daemon on localhost
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
log4j.appender.syslog.syslogHost=localhost
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.conversionPattern=%m%n
# Syslog facility the messages are tagged with
log4j.appender.syslog.Facility=local4
log4j.properties (additivity)
# Send audit entries to the syslog appender only, not to the parent loggers' appenders
log4j.logger.org.alfresco.audit.LogAuditImpl=INFO,syslog
log4j.additivity.org.alfresco.audit.LogAuditImpl = false
Logrotate: master your log files
• What is it?
• How does it work?
Demo
Thank You!
@ivanscn