audit: how can I programmatically consume the audit logs? #5535
Assignees
Labels
stale
This issue is like stale bread.
Comments
bpmct
changed the title
|
@Kira-Pilot - just the second part. As a docs reader, it's not particularly clear that the audit logs are also server logs and this is something we explain in v1. The MVP could be a couple of sentences in the audit docs. Additionally, it would be nice for us to link to the API route docs from the overall audit docs. It differs from #5356 because that issue is around the specific activities that are audited. This is info on how to consume them. If you still have questions about this, we can do a short huddle and write the docs live. |
|
This issue is becoming stale. In order to keep the tracker readable and actionable, I'm going close to this issue in 7 days if there isn't more activity. |
|
This was addressed in #7991 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We need to document this :)
REST API: @mtojek is working on autogenerated docs for all the routes, including
/api/v2/auditTracked in Autogenerated docs for REST API #3522. For example:
Documented here: https://coder.com/docs/coder-oss/latest/api/audit#get-audit-logs
Server logs:
coder serverwill export audited events to/dev/stderrby defaultFor example:
2023-01-02 14:07:48.634 [INFO] (coderd) <./enterprise/audit/backends/slog.go:32> slogBackend.Export audit_log {"ID": "4fa877ad-92e5-425d-8aba-7b66bb7c01d2", "Action": "create", "Diff": {"id": {"Old": "", "New": "fb1c1df2-4d9a-44df-b606-abc4ec6d5ee5", "Secret": false}, "name": {"Old": "", "New": "new-workspace", "Secret": false}, "owner_id": {"Old": "", "New": "eaef1d37-125b-4b73-b05d-33401230baca", "Secret": false}, "template_id": {"Old": "", "New": "f5ceaa98-fe3a-4103-b0fb-15d7d340f2ad", "Secret": false}, "ttl": {"Old": 0, "New": 86400000000000, "Secret": false}}, "RequestID": "c210f24c-3a1c-4770-ad0c-8d13ceae9cf2", "UserAgent": {"String": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36", "Valid": true}, "ResourceID": "fb1c1df2-4d9a-44df-b606-abc4ec6d5ee5", "OrganizationID": "00000000-0000-0000-0000-000000000000", "ResourceTarget": "new-workspace", "ResourceIcon": "", "Time": "2023-01-02T14:07:48.632729Z", "UserID": "eaef1d37-125b-4b73-b05d-33401230baca", "Ip": {"IPNet": {"IP": "::1", "Mask": "/////////////////////w=="}, "Valid": true}, "ResourceType": "workspace", "StatusCode": 201, "AdditionalFields": {"workspaceOwner": "bpmct"}}In Coder v1, we have detailed documentation on exporting logs so we can use that as a reference.
The text was updated successfully, but these errors were encountered: