audit

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2025 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package audit provides comprehensive security audit logging functionality

Package audit provides comprehensive security audit logging functionality

Package audit provides comprehensive security audit logging functionality

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AlertChannel

type AlertChannel struct {
	// Type of alert channel (email, sms, webhook, etc.)
	Type string `json:"type"`

	// Configuration for the alert channel
	Config map[string]interface{} `json:"config"`
}

AlertChannel defines a notification channel for security alerts

type AlertRule

type AlertRule struct {
	// Unique identifier for the rule
	ID string `json:"id"`

	// Human-readable name for the rule
	Name string `json:"name"`

	// Description of the rule
	Description string `json:"description"`

	// Minimum severity level to trigger the alert
	MinSeverity common.AuditSeverity `json:"min_severity"`

	// Actions that should trigger the alert
	Actions []common.AuditAction `json:"actions"`

	// Resources that should trigger the alert
	Resources []string `json:"resources"`

	// Alert notification channels
	Channels []AlertChannel `json:"channels"`

	// Whether the rule is enabled
	Enabled bool `json:"enabled"`

	// Cooldown period between alerts in seconds
	CooldownSeconds int `json:"cooldown_seconds"`
	// contains filtered or unexported fields
}

AlertRule defines a rule for triggering alerts based on audit events

type AuditConfig

type AuditConfig struct {
	// Whether to enable audit logging
	Enabled bool `json:"enabled"`

	// Minimum severity level to log
	MinSeverity common.AuditSeverity `json:"min_severity"`

	// File path for audit logs
	LogFilePath string `json:"log_file_path"`

	// Whether to log to syslog
	EnableSyslog bool `json:"enable_syslog"`

	// Whether to log to database
	EnableDatabase bool `json:"enable_database"`

	// Database connection string
	DatabaseURL string `json:"database_url"`

	// Log retention period in days
	RetentionDays int `json:"retention_days"`

	// Whether to enable real-time alerting
	EnableAlerts bool `json:"enable_alerts"`

	// Whether to encrypt audit logs
	EncryptLogs bool `json:"encrypt_logs"`

	// Encryption key for audit logs (if encryption is enabled)
	EncryptionKey string `json:"encryption_key,omitempty"`

	// Whether to sign audit logs for integrity verification
	SignLogs bool `json:"sign_logs"`

	// Signing key ID for audit logs (if signing is enabled)
	SigningKeyID string `json:"signing_key_id,omitempty"`

	// Whether to include sensitive data in audit logs
	IncludeSensitiveData bool `json:"include_sensitive_data"`

	// List of fields to redact from audit logs
	RedactFields []string `json:"redact_fields"`

	// Whether to compress audit logs
	CompressLogs bool `json:"compress_logs"`

	// Maximum size of a single audit log file in MB
	MaxLogFileSize int `json:"max_log_file_size"`

	// Maximum number of audit log files to keep
	MaxLogFiles int `json:"max_log_files"`
}

AuditConfig defines the configuration for audit logging

func DefaultAuditConfig

func DefaultAuditConfig() *AuditConfig

DefaultAuditConfig returns the default audit configuration

type AuditEvent

type AuditEvent struct {
	// Unique identifier for the audit event
	ID string `json:"id"`

	// Time when the event occurred
	Timestamp time.Time `json:"timestamp"`

	// User who performed the action
	UserID string `json:"user_id,omitempty"`

	// Username of the user who performed the action
	Username string `json:"username,omitempty"`

	// Type of action performed
	Action common.AuditAction `json:"action"`

	// Resource type that was acted upon
	Resource string `json:"resource"`

	// Specific resource identifier
	ResourceID string `json:"resource_id,omitempty"`

	// Human-readable description of the event
	Description string `json:"description"`

	// IP address where the action originated
	IPAddress string `json:"ip_address,omitempty"`

	// User agent of the client
	UserAgent string `json:"user_agent,omitempty"`

	// Severity level of the event
	Severity common.AuditSeverity `json:"severity"`

	// Status of the action (success, failure, etc.)
	Status string `json:"status"`

	// Session identifier
	SessionID string `json:"session_id,omitempty"`

	// Additional metadata about the event
	Metadata map[string]interface{} `json:"metadata,omitempty"`

	// Changes made during the event (for update operations)
	Changes map[string]interface{} `json:"changes,omitempty"`

	// Request ID for correlating multiple events in a single request
	RequestID string `json:"request_id,omitempty"`

	// Duration of the operation in milliseconds
	DurationMs int64 `json:"duration_ms,omitempty"`

	// Whether the event was generated by the system
	SystemGenerated bool `json:"system_generated,omitempty"`

	// Tags for categorizing and filtering events
	Tags []string `json:"tags,omitempty"`
}

AuditEvent represents a security audit event

func NewAuditEvent

func NewAuditEvent(action common.AuditAction, resource string, description string) *AuditEvent

NewAuditEvent creates a new audit event with default values

func (*AuditEvent) AsSystemGenerated

func (e *AuditEvent) AsSystemGenerated() *AuditEvent

AsSystemGenerated marks the event as system-generated

func (*AuditEvent) WithChanges

func (e *AuditEvent) WithChanges(changes map[string]interface{}) *AuditEvent

WithChanges adds changes information to the audit event

func (*AuditEvent) WithDuration

func (e *AuditEvent) WithDuration(durationMs int64) *AuditEvent

WithDuration adds operation duration to the audit event

func (*AuditEvent) WithIPAddress

func (e *AuditEvent) WithIPAddress(ipAddress string) *AuditEvent

WithIPAddress adds IP address to the audit event

func (*AuditEvent) WithMetadata

func (e *AuditEvent) WithMetadata(key string, value interface{}) *AuditEvent

WithMetadata adds metadata to the audit event

func (*AuditEvent) WithRequestID

func (e *AuditEvent) WithRequestID(requestID string) *AuditEvent

WithRequestID adds request ID to the audit event

func (*AuditEvent) WithResourceID

func (e *AuditEvent) WithResourceID(resourceID string) *AuditEvent

WithResourceID adds resource ID to the audit event

func (*AuditEvent) WithSessionID

func (e *AuditEvent) WithSessionID(sessionID string) *AuditEvent

WithSessionID adds session ID to the audit event

func (*AuditEvent) WithSeverity

func (e *AuditEvent) WithSeverity(severity common.AuditSeverity) *AuditEvent

WithSeverity sets the severity of the audit event

func (*AuditEvent) WithStatus

func (e *AuditEvent) WithStatus(status string) *AuditEvent

WithStatus sets the status of the audit event

func (*AuditEvent) WithTags

func (e *AuditEvent) WithTags(tags ...string) *AuditEvent

WithTags adds tags to the audit event

func (*AuditEvent) WithUserAgent

func (e *AuditEvent) WithUserAgent(userAgent string) *AuditEvent

WithUserAgent adds user agent to the audit event

func (*AuditEvent) WithUserInfo

func (e *AuditEvent) WithUserInfo(userID, username string) *AuditEvent

WithUserInfo adds user information to the audit event

type AuditLogger

type AuditLogger interface {
	// LogAudit logs an audit event
	LogAudit(ctx context.Context, event *AuditEvent) error

	// QueryAuditLogs queries audit logs based on filters
	QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)

	// GetAuditLog retrieves a specific audit log by ID
	GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)
}

AuditLogger defines the interface for audit logging implementations

type AuditManager

type AuditManager struct {
	// contains filtered or unexported fields
}

AuditManager is responsible for managing security audit logging

func NewAuditManager

func NewAuditManager(config *AuditConfig) (*AuditManager, error)

NewAuditManager creates a new audit manager

func (*AuditManager) AddAlertRule

func (m *AuditManager) AddAlertRule(rule AlertRule) error

AddAlertRule adds a new alert rule

func (*AuditManager) Close

func (m *AuditManager) Close() error

Close closes the audit manager and all loggers

func (*AuditManager) DeleteAlertRule

func (m *AuditManager) DeleteAlertRule(id string) error

DeleteAlertRule deletes an alert rule

func (*AuditManager) DisableAlertRule

func (m *AuditManager) DisableAlertRule(id string) error

DisableAlertRule disables an alert rule

func (*AuditManager) EnableAlertRule

func (m *AuditManager) EnableAlertRule(id string) error

EnableAlertRule enables an alert rule

func (*AuditManager) GetAlertRules

func (m *AuditManager) GetAlertRules() []AlertRule

GetAlertRules returns all alert rules

func (*AuditManager) GetAuditLog

func (m *AuditManager) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)

GetAuditLog retrieves a specific audit log by ID

func (*AuditManager) LogAudit

func (m *AuditManager) LogAudit(ctx context.Context, log *AuditEvent) error

LogAudit logs an audit event to all configured loggers

func (*AuditManager) QueryAuditLogs

func (m *AuditManager) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)

QueryAuditLogs queries audit logs based on filters

func (*AuditManager) UpdateAlertRule

func (m *AuditManager) UpdateAlertRule(rule AlertRule) error

UpdateAlertRule updates an existing alert rule

type AuditQueryFilter

type AuditQueryFilter struct {
	// User ID to filter by
	UserID string `json:"user_id,omitempty"`

	// Username to filter by
	Username string `json:"username,omitempty"`

	// Action to filter by
	Action common.AuditAction `json:"action,omitempty"`

	// Resource type to filter by
	Resource string `json:"resource,omitempty"`

	// Resource ID to filter by
	ResourceID string `json:"resource_id,omitempty"`

	// IP address to filter by
	IPAddress string `json:"ip_address,omitempty"`

	// Minimum severity level to include
	MinSeverity common.AuditSeverity `json:"min_severity,omitempty"`

	// Maximum severity level to include
	MaxSeverity common.AuditSeverity `json:"max_severity,omitempty"`

	// Status to filter by
	Status string `json:"status,omitempty"`

	// Session ID to filter by
	SessionID string `json:"session_id,omitempty"`

	// Start time for the query range
	StartTime time.Time `json:"start_time,omitempty"`

	// End time for the query range
	EndTime time.Time `json:"end_time,omitempty"`

	// Maximum number of results to return
	Limit int `json:"limit,omitempty"`

	// Number of results to skip
	Offset int `json:"offset,omitempty"`

	// Field to sort by
	SortBy string `json:"sort_by,omitempty"`

	// Sort order (asc or desc)
	SortOrder string `json:"sort_order,omitempty"`

	// Tags to filter by (must match all)
	Tags []string `json:"tags,omitempty"`

	// Request ID to filter by
	RequestID string `json:"request_id,omitempty"`

	// Whether to include system-generated events
	IncludeSystemGenerated bool `json:"include_system_generated,omitempty"`

	// Full-text search query
	Query string `json:"query,omitempty"`
}

AuditQueryFilter defines filters for querying audit logs

type DatabaseAuditLogger

type DatabaseAuditLogger struct {
	// contains filtered or unexported fields
}

DatabaseAuditLogger is a database-based implementation of AuditLogger

func NewDatabaseAuditLogger

func NewDatabaseAuditLogger(dbURL string, config *AuditConfig) (*DatabaseAuditLogger, error)

NewDatabaseAuditLogger creates a new database-based audit logger

func (*DatabaseAuditLogger) GetAuditLog

func (l *DatabaseAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)

GetAuditLog retrieves a specific audit log by ID

func (*DatabaseAuditLogger) LogAudit

func (l *DatabaseAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error

LogAudit logs an audit event to the database

func (*DatabaseAuditLogger) QueryAuditLogs

func (l *DatabaseAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)

QueryAuditLogs queries audit logs from the database

type FileAuditLogger

type FileAuditLogger struct {
	// contains filtered or unexported fields
}

FileAuditLogger is a file-based implementation of AuditLogger

func NewFileAuditLogger

func NewFileAuditLogger(filePath string, config *AuditConfig) (*FileAuditLogger, error)

NewFileAuditLogger creates a new file-based audit logger

func (*FileAuditLogger) Close

func (l *FileAuditLogger) Close() error

Close closes the file audit logger

func (*FileAuditLogger) GetAuditLog

func (l *FileAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)

GetAuditLog retrieves a specific audit log by ID

func (*FileAuditLogger) LogAudit

func (l *FileAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error

LogAudit logs an audit event to the file

func (*FileAuditLogger) QueryAuditLogs

func (l *FileAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)

QueryAuditLogs queries audit logs from the file

type InMemoryAuditLogger

type InMemoryAuditLogger struct {
	// contains filtered or unexported fields
}

InMemoryAuditLogger is an in-memory implementation of AuditLogger

func NewInMemoryAuditLogger

func NewInMemoryAuditLogger(config *AuditConfig) *InMemoryAuditLogger

NewInMemoryAuditLogger creates a new in-memory audit logger

func (*InMemoryAuditLogger) GetAuditLog

func (l *InMemoryAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)

GetAuditLog retrieves a specific audit log by ID

func (*InMemoryAuditLogger) LogAudit

func (l *InMemoryAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error

LogAudit logs an audit event to memory

func (*InMemoryAuditLogger) QueryAuditLogs

func (l *InMemoryAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)

QueryAuditLogs queries audit logs based on filters

type SyslogAuditLogger

type SyslogAuditLogger struct {
	// contains filtered or unexported fields
}

SyslogAuditLogger is a syslog-based implementation of AuditLogger

func NewSyslogAuditLogger

func NewSyslogAuditLogger(config *AuditConfig) (*SyslogAuditLogger, error)

NewSyslogAuditLogger creates a new syslog-based audit logger

func (*SyslogAuditLogger) GetAuditLog

func (l *SyslogAuditLogger) GetAuditLog(ctx context.Context, id string) (*AuditEvent, error)

GetAuditLog retrieves a specific audit log by ID

func (*SyslogAuditLogger) LogAudit

func (l *SyslogAuditLogger) LogAudit(ctx context.Context, event *AuditEvent) error

LogAudit logs an audit event to syslog

func (*SyslogAuditLogger) QueryAuditLogs

func (l *SyslogAuditLogger) QueryAuditLogs(ctx context.Context, filter *AuditQueryFilter) ([]*AuditEvent, error)

QueryAuditLogs queries audit logs from syslog

Directories

Path Synopsis
Package trail provides a comprehensive audit trail system for tracking all operations
Package trail provides a comprehensive audit trail system for tracking all operations

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL