Reduced audit logs

- Moved ACCESS_GRANTED logging of internal actions to TRACE level

Original commit: elastic/x-pack-elasticsearch@fe9bd3e64d
uboness 2014-12-04 10:23:06 +01:00
parent 347374b56d
commit 150ac97ffe
2 changed files with 41 additions and 0 deletions


@ -7,6 +7,7 @@ package org.elasticsearch.shield.audit.logfile;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.base.Predicate;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
@ -15,6 +16,7 @@ import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.authc.AuthenticationToken;
import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.transport.filter.ProfileIpFilterRule;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest;
@ -28,6 +30,8 @@ public class LoggingAuditTrail implements AuditTrail {
public static final String NAME = "logfile";
private static final Predicate<String> SYSTEM_ACTION_MATCHER = Privilege.SYSTEM.predicate();
private final ESLogger logger;
@Override
@ -120,6 +124,19 @@ public class LoggingAuditTrail implements AuditTrail {
@Override
public void accessGranted(User user, String action, TransportMessage<?> message) {
String indices = indices(message);
// special treatment for system actions - only log on trace
if (SYSTEM_ACTION_MATCHER.apply(action)) {
if (logger.isTraceEnabled()) {
if (indices != null) {
logger.trace("ACCESS_GRANTED\thost=[{}], principal=[{}], action=[{}], indices=[{}], request=[{}]", message.remoteAddress(), user.principal(), action, indices, message);
} else {
logger.trace("ACCESS_GRANTED\thost=[{}], principal=[{}], action=[{}], request=[{}]", message.remoteAddress(), user.principal(), action, message);
}
}
return;
}
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("ACCESS_GRANTED\thost=[{}], principal=[{}], action=[{}], indices=[{}], request=[{}]", message.remoteAddress(), user.principal(), action, indices, message);
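Review bot: The TRACE-only branch at the top of accessGranted keys on the action name alone (`SYSTEM_ACTION_MATCHER.apply(action)`), so a grant of an internal action to any principal, not only the system user, disappears from the audit log at DEBUG. The accompanying test pins exactly that, using an ordinary user `_username` with `internal:_action`. If the goal is only to quiet node-to-node noise, the condition should also require the system principal (no such check is visible in this hunk, so use whatever the codebase provides), which keeps grants of internal actions to ordinary users at DEBUG. At minimum, document the gap above the branch, e.g. `// NOTE: matches on action name only; internal actions granted to non-system users are also logged at TRACE only`. The method body continues past the end of the hunk.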


@ -217,6 +217,30 @@ public class LoggingAuditTrailTests extends ElasticsearchTestCase {
}
}
@Test
public void testAccessGranted_SystemAction() throws Exception {
for (Level level : Level.values()) {
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(logger);
TransportMessage message = randomBoolean() ? new MockMessage() : new MockIndicesRequest();
auditTrail.accessGranted(new User.Simple("_username", "r1"), "internal:_action", message);
switch (level) {
case ERROR:
case WARN:
case INFO:
case DEBUG:
assertEmptyLog(logger);
break;
case TRACE:
if (message instanceof IndicesRequest) {
assertMsg(logger, Level.TRACE, "ACCESS_GRANTED\thost=[local[_host]], principal=[_username], action=[internal:_action], indices=[idx1,idx2], request=[mock-message]");
} else {
assertMsg(logger, Level.TRACE, "ACCESS_GRANTED\thost=[local[_host]], principal=[_username], action=[internal:_action], request=[mock-message]");
}
}
}
}
@Test
public void testAccessDenied() throws Exception {
for (Level level : Level.values()) {
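Review bot: In testAccessGranted_SystemAction the message type is picked with `randomBoolean()`, so each run checks only one of the two TRACE formats (with and without `indices=[...]`), and a regression in the other can pass unnoticed. Because this output is the audit record, consider covering both deterministically, e.g. `for (TransportMessage message : new TransportMessage[] { new MockMessage(), new MockIndicesRequest() }) {` around the body of the level loop. The `TRACE` case also ends without a `break` and the switch has no `default`, which is harmless today but easy to trip over when a level is added. testAccessDenied at the end of the hunk continues outside it.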