Documentation
¶
Overview ¶
Package audit provides comprehensive security audit logging functionality
Package audit provides comprehensive security audit logging functionality ¶
Package audit provides comprehensive security audit logging functionality
Index ¶
- type AlertChannel
- type AlertRule
- type AuditConfig
- type AuditEvent
- func (e *AuditEvent) AsSystemGenerated() *AuditEvent
- func (e *AuditEvent) WithChanges(changes map[string]interface{}) *AuditEvent
- func (e *AuditEvent) WithDuration(durationMs int64) *AuditEvent
- func (e *AuditEvent) WithIPAddress(ipAddress string) *AuditEvent
- func (e *AuditEvent) WithMetadata(key string, value interface{}) *AuditEvent
- func (e *AuditEvent) WithRequestID(requestID string) *AuditEvent
- func (e *AuditEvent) WithResourceID(resourceID string) *AuditEvent
- func (e *AuditEvent) WithSessionID(sessionID string) *AuditEvent
- func (e *AuditEvent) WithSeverity(severity common.AuditSeverity) *AuditEvent
- func (e *AuditEvent) WithStatus(status string) *AuditEvent
- func (e *AuditEvent) WithTags(tags ...string) *AuditEvent
- func (e *AuditEvent) WithUserAgent(userAgent string) *AuditEvent
- func (e *AuditEvent) WithUserInfo(userID, username string) *AuditEvent
- type AuditLogger
- type AuditManager
- func (m *AuditManager) AddAlertRule(rule AlertRule) error
- func (m *AuditManager) Close() error
- func (m *AuditManager) DeleteAlertRule(id string) error
- func (m *AuditManager) DisableAlertRule(id string) error
- func (m *AuditManager) EnableAlertRule(id string) error
- func (m *AuditManager) GetAlertRules() []AlertRule
- func (m *AuditManager) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
- func (m *AuditManager) LogAudit(ctx context.Context, log *AuditEvent) error
- func (m *AuditManager) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
- func (m *AuditManager) UpdateAlertRule(rule AlertRule) error
- type AuditQueryFilter
- type DatabaseAuditLogger
- type FileAuditLogger
- func (l *FileAuditLogger) Close() error
- func (l *FileAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
- func (l *FileAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error
- func (l *FileAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
- type InMemoryAuditLogger
- type SyslogAuditLogger
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AlertChannel ¶
type AlertChannel struct {
// Type of alert channel (email, sms, webhook, etc.)
Type string `json:"type"`
// Configuration for the alert channel
Config map[string]interface{} `json:"config"`
}
AlertChannel defines a notification channel for security alerts
type AlertRule ¶
type AlertRule struct {
// Unique identifier for the rule
ID string `json:"id"`
// Human-readable name for the rule
Name string `json:"name"`
// Description of the rule
Description string `json:"description"`
// Minimum severity level to trigger the alert
MinSeverity common.AuditSeverity `json:"min_severity"`
// Actions that should trigger the alert
Actions []common.AuditAction `json:"actions"`
// Resources that should trigger the alert
Resources []string `json:"resources"`
// Alert notification channels
Channels []AlertChannel `json:"channels"`
// Whether the rule is enabled
Enabled bool `json:"enabled"`
// Cooldown period between alerts in seconds
CooldownSeconds int `json:"cooldown_seconds"`
// contains filtered or unexported fields
}
AlertRule defines a rule for triggering alerts based on audit events
type AuditConfig ¶
type AuditConfig struct {
// Whether to enable audit logging
Enabled bool `json:"enabled"`
// Minimum severity level to log
MinSeverity common.AuditSeverity `json:"min_severity"`
// File path for audit logs
LogFilePath string `json:"log_file_path"`
// Whether to log to syslog
EnableSyslog bool `json:"enable_syslog"`
// Whether to log to database
EnableDatabase bool `json:"enable_database"`
// Database connection string
DatabaseURL string `json:"database_url"`
// Log retention period in days
RetentionDays int `json:"retention_days"`
// Whether to enable real-time alerting
EnableAlerts bool `json:"enable_alerts"`
// Whether to encrypt audit logs
EncryptLogs bool `json:"encrypt_logs"`
// Encryption key for audit logs (if encryption is enabled)
EncryptionKey string `json:"encryption_key,omitempty"`
// Whether to sign audit logs for integrity verification
SignLogs bool `json:"sign_logs"`
// Signing key ID for audit logs (if signing is enabled)
SigningKeyID string `json:"signing_key_id,omitempty"`
// Whether to include sensitive data in audit logs
IncludeSensitiveData bool `json:"include_sensitive_data"`
// List of fields to redact from audit logs
RedactFields []string `json:"redact_fields"`
// Whether to compress audit logs
CompressLogs bool `json:"compress_logs"`
// Maximum size of a single audit log file in MB
MaxLogFileSize int `json:"max_log_file_size"`
// Maximum number of audit log files to keep
MaxLogFiles int `json:"max_log_files"`
}
AuditConfig defines the configuration for audit logging
func DefaultAuditConfig ¶
func DefaultAuditConfig() *AuditConfig
DefaultAuditConfig returns the default audit configuration
type AuditEvent ¶
type AuditEvent struct {
// Unique identifier for the audit event
ID string `json:"id"`
// Time when the event occurred
Timestamp time.Time `json:"timestamp"`
// User who performed the action
UserID string `json:"user_id,omitempty"`
// Username of the user who performed the action
Username string `json:"username,omitempty"`
// Type of action performed
Action common.AuditAction `json:"action"`
// Resource type that was acted upon
Resource string `json:"resource"`
// Specific resource identifier
ResourceID string `json:"resource_id,omitempty"`
// Human-readable description of the event
Description string `json:"description"`
// IP address where the action originated
IPAddress string `json:"ip_address,omitempty"`
// User agent of the client
UserAgent string `json:"user_agent,omitempty"`
// Severity level of the event
Severity common.AuditSeverity `json:"severity"`
// Status of the action (success, failure, etc.)
Status string `json:"status"`
// Session identifier
SessionID string `json:"session_id,omitempty"`
// Additional metadata about the event
Metadata map[string]interface{} `json:"metadata,omitempty"`
// Changes made during the event (for update operations)
Changes map[string]interface{} `json:"changes,omitempty"`
// Request ID for correlating multiple events in a single request
RequestID string `json:"request_id,omitempty"`
// Duration of the operation in milliseconds
DurationMs int64 `json:"duration_ms,omitempty"`
// Whether the event was generated by the system
SystemGenerated bool `json:"system_generated,omitempty"`
// Tags for categorizing and filtering events
Tags []string `json:"tags,omitempty"`
}
AuditEvent represents a security audit event
func NewAuditEvent ¶
func NewAuditEvent(action common.AuditAction, resource string, description string) *AuditEvent
NewAuditEvent creates a new audit event with default values
func (*AuditEvent) AsSystemGenerated ¶
func (e *AuditEvent) AsSystemGenerated() *AuditEvent
AsSystemGenerated marks the event as system-generated
func (*AuditEvent) WithChanges ¶
func (e *AuditEvent) WithChanges(changes map[string]interface{}) *AuditEvent
WithChanges adds changes information to the audit event
func (*AuditEvent) WithDuration ¶
func (e *AuditEvent) WithDuration(durationMs int64) *AuditEvent
WithDuration adds operation duration to the audit event
func (*AuditEvent) WithIPAddress ¶
func (e *AuditEvent) WithIPAddress(ipAddress string) *AuditEvent
WithIPAddress adds IP address to the audit event
func (*AuditEvent) WithMetadata ¶
func (e *AuditEvent) WithMetadata(key string, value interface{}) *AuditEvent
WithMetadata adds metadata to the audit event
func (*AuditEvent) WithRequestID ¶
func (e *AuditEvent) WithRequestID(requestID string) *AuditEvent
WithRequestID adds request ID to the audit event
func (*AuditEvent) WithResourceID ¶
func (e *AuditEvent) WithResourceID(resourceID string) *AuditEvent
WithResourceID adds resource ID to the audit event
func (*AuditEvent) WithSessionID ¶
func (e *AuditEvent) WithSessionID(sessionID string) *AuditEvent
WithSessionID adds session ID to the audit event
func (*AuditEvent) WithSeverity ¶
func (e *AuditEvent) WithSeverity(severity common.AuditSeverity) *AuditEvent
WithSeverity sets the severity of the audit event
func (*AuditEvent) WithStatus ¶
func (e *AuditEvent) WithStatus(status string) *AuditEvent
WithStatus sets the status of the audit event
func (*AuditEvent) WithTags ¶
func (e *AuditEvent) WithTags(tags ...string) *AuditEvent
WithTags adds tags to the audit event
func (*AuditEvent) WithUserAgent ¶
func (e *AuditEvent) WithUserAgent(userAgent string) *AuditEvent
WithUserAgent adds user agent to the audit event
func (*AuditEvent) WithUserInfo ¶
func (e *AuditEvent) WithUserInfo(userID, username string) *AuditEvent
WithUserInfo adds user information to the audit event
type AuditLogger ¶
type AuditLogger interface {
// LogAudit logs an audit event
LogAudit(ctx context.Context, event *AuditEvent) error
// QueryAuditLogs queries audit logs based on filters
QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
// GetAuditLog retrieves a specific audit log by ID
GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
}
AuditLogger defines the interface for audit logging implementations
type AuditManager ¶
type AuditManager struct {
// contains filtered or unexported fields
}
AuditManager is responsible for managing security audit logging
func NewAuditManager ¶
func NewAuditManager(config *AuditConfig) (*AuditManager, error)
NewAuditManager creates a new audit manager
func (*AuditManager) AddAlertRule ¶
func (m *AuditManager) AddAlertRule(rule AlertRule) error
AddAlertRule adds a new alert rule
func (*AuditManager) Close ¶
func (m *AuditManager) Close() error
Close closes the audit manager and all loggers
func (*AuditManager) DeleteAlertRule ¶
func (m *AuditManager) DeleteAlertRule(id string) error
DeleteAlertRule deletes an alert rule
func (*AuditManager) DisableAlertRule ¶
func (m *AuditManager) DisableAlertRule(id string) error
DisableAlertRule disables an alert rule
func (*AuditManager) EnableAlertRule ¶
func (m *AuditManager) EnableAlertRule(id string) error
EnableAlertRule enables an alert rule
func (*AuditManager) GetAlertRules ¶
func (m *AuditManager) GetAlertRules() []AlertRule
GetAlertRules returns all alert rules
func (*AuditManager) GetAuditLog ¶
func (m *AuditManager) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
GetAuditLog retrieves a specific audit log by ID
func (*AuditManager) LogAudit ¶
func (m *AuditManager) LogAudit(ctx context.Context, log *AuditEvent) error
LogAudit logs an audit event to all configured loggers
func (*AuditManager) QueryAuditLogs ¶
func (m *AuditManager) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
QueryAuditLogs queries audit logs based on filters
func (*AuditManager) UpdateAlertRule ¶
func (m *AuditManager) UpdateAlertRule(rule AlertRule) error
UpdateAlertRule updates an existing alert rule
type AuditQueryFilter ¶
type AuditQueryFilter struct {
// User ID to filter by
UserID string `json:"user_id,omitempty"`
// Username to filter by
Username string `json:"username,omitempty"`
// Action to filter by
Action common.AuditAction `json:"action,omitempty"`
// Resource type to filter by
Resource string `json:"resource,omitempty"`
// Resource ID to filter by
ResourceID string `json:"resource_id,omitempty"`
// IP address to filter by
IPAddress string `json:"ip_address,omitempty"`
// Minimum severity level to include
MinSeverity common.AuditSeverity `json:"min_severity,omitempty"`
// Maximum severity level to include
MaxSeverity common.AuditSeverity `json:"max_severity,omitempty"`
// Status to filter by
Status string `json:"status,omitempty"`
// Session ID to filter by
SessionID string `json:"session_id,omitempty"`
// Start time for the query range
StartTime time.Time `json:"start_time,omitempty"`
// End time for the query range
EndTime time.Time `json:"end_time,omitempty"`
// Maximum number of results to return
Limit int `json:"limit,omitempty"`
// Number of results to skip
Offset int `json:"offset,omitempty"`
// Field to sort by
SortBy string `json:"sort_by,omitempty"`
// Sort order (asc or desc)
SortOrder string `json:"sort_order,omitempty"`
// Tags to filter by (must match all)
Tags []string `json:"tags,omitempty"`
// Request ID to filter by
RequestID string `json:"request_id,omitempty"`
// Whether to include system-generated events
IncludeSystemGenerated bool `json:"include_system_generated,omitempty"`
// Full-text search query
Query string `json:"query,omitempty"`
}
AuditQueryFilter defines filters for querying audit logs
type DatabaseAuditLogger ¶
type DatabaseAuditLogger struct {
// contains filtered or unexported fields
}
DatabaseAuditLogger is a database-based implementation of AuditLogger
func NewDatabaseAuditLogger ¶
func NewDatabaseAuditLogger(dbURL string, config *AuditConfig) (*DatabaseAuditLogger, error)
NewDatabaseAuditLogger creates a new database-based audit logger
func (*DatabaseAuditLogger) GetAuditLog ¶
func (l *DatabaseAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
GetAuditLog retrieves a specific audit log by ID
func (*DatabaseAuditLogger) LogAudit ¶
func (l *DatabaseAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error
LogAudit logs an audit event to the database
func (*DatabaseAuditLogger) QueryAuditLogs ¶
func (l *DatabaseAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
QueryAuditLogs queries audit logs from the database
type FileAuditLogger ¶
type FileAuditLogger struct {
// contains filtered or unexported fields
}
FileAuditLogger is a file-based implementation of AuditLogger
func NewFileAuditLogger ¶
func NewFileAuditLogger(filePath string, config *AuditConfig) (*FileAuditLogger, error)
NewFileAuditLogger creates a new file-based audit logger
func (*FileAuditLogger) Close ¶
func (l *FileAuditLogger) Close() error
Close closes the file audit logger
func (*FileAuditLogger) GetAuditLog ¶
func (l *FileAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
GetAuditLog retrieves a specific audit log by ID
func (*FileAuditLogger) LogAudit ¶
func (l *FileAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error
LogAudit logs an audit event to the file
func (*FileAuditLogger) QueryAuditLogs ¶
func (l *FileAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
QueryAuditLogs queries audit logs from the file
type InMemoryAuditLogger ¶
type InMemoryAuditLogger struct {
// contains filtered or unexported fields
}
InMemoryAuditLogger is an in-memory implementation of AuditLogger
func NewInMemoryAuditLogger ¶
func NewInMemoryAuditLogger(config *AuditConfig) *InMemoryAuditLogger
NewInMemoryAuditLogger creates a new in-memory audit logger
func (*InMemoryAuditLogger) GetAuditLog ¶
func (l *InMemoryAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
GetAuditLog retrieves a specific audit log by ID
func (*InMemoryAuditLogger) LogAudit ¶
func (l *InMemoryAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error
LogAudit logs an audit event to memory
func (*InMemoryAuditLogger) QueryAuditLogs ¶
func (l *InMemoryAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
QueryAuditLogs queries audit logs based on filters
type SyslogAuditLogger ¶
type SyslogAuditLogger struct {
// contains filtered or unexported fields
}
SyslogAuditLogger is a syslog-based implementation of AuditLogger
func NewSyslogAuditLogger ¶
func NewSyslogAuditLogger(config *AuditConfig) (*SyslogAuditLogger, error)
NewSyslogAuditLogger creates a new syslog-based audit logger
func (*SyslogAuditLogger) GetAuditLog ¶
func (l *SyslogAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
GetAuditLog retrieves a specific audit log by ID
func (*SyslogAuditLogger) LogAudit ¶
func (l *SyslogAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error
LogAudit logs an audit event to syslog
func (*SyslogAuditLogger) QueryAuditLogs ¶
func (l *SyslogAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)
QueryAuditLogs queries audit logs from syslog