This includes a library and set of utilities to deal with audit events.

auditevent

A small and flexible library to help you create audit events.

Context

While audit logging may seem like a very simple thing to add to an application, doing it right is full of caveats. This project aims to provide a simple, general, intuitive and standardized representation for an audit event, as well as tools to put it to use. This will help us have uniform logs and meet regulatory compliance requirements.

Correctly generated audit events help us determine what is happening in our systems, support forensic analysis of security incidents, and can serve as evidence in court in case of a breach. That is why it is important for us to generate correct and accurate audit events.

As a guide to create this project and gather requirements for it, the NIST SP 800-53 Audit-related controls were used.

The project provides the following:

auditevent

A library to generate and write audit events.

Gin middleware

Middleware for the Gin HTTP framework which allows us to write audit events.

Metrics

The reference auditevent writer and the aforementioned Gin Middleware both have Prometheus metric support baked in.

audittail

A simple utility to read audit logs and reliably output them, e.g. in a sidecar container.

Owner
metal toolbox
Tools for working on bare metal
Comments
  • Re-run `helm dependency update`

    The chart hadn't been updated and the helm dependencies were not built correctly. This fixes that.

    Signed-off-by: Juan Antonio Osorio [email protected]

  • ginaudit: Set Audit ID prior to calling next handler and add to context

    This proposes we generate the audit id prior to passing control to the next handler in the audit middleware and adding the audit id to the context. This allows downstream systems (NATS events, etc) to attach those IDs when they write audit logs. I also added a new func to generate the audit event so we don't break backwards compatibility for folks already using the library.
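
The ordering this change proposes, sketched with net/http from the standard library rather than Gin. This is an added example, not the ginaudit middleware's code; `AuditMiddleware`, `AuditIDFrom`, the log line format and the `/servers` path are assumptions.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type auditIDKey struct{} // unexported key type avoids context key collisions

// AuditIDFrom returns the audit ID stored by the middleware, or "" if none.
func AuditIDFrom(ctx context.Context) string {
	id, _ := ctx.Value(auditIDKey{}).(string)
	return id
}

func newAuditID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: refuse to emit guessable IDs
	}
	return hex.EncodeToString(b)
}

// AuditMiddleware (hypothetical) generates the ID before calling next, then
// records the request's own audit line with the same ID after next returns.
func AuditMiddleware(log *[]string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id := newAuditID()
		ctx := context.WithValue(r.Context(), auditIDKey{}, id)
		next.ServeHTTP(w, r.WithContext(ctx))
		*log = append(*log, "http audit_id="+id+" path="+r.URL.Path)
	})
}

// RunDemo sends one constructed request. The downstream handler stands in for
// a system (for example an event publisher) that writes its own audit record.
func RunDemo() []string {
	var log []string
	downstream := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log = append(log, "event audit_id="+AuditIDFrom(r.Context()))
	})
	h := AuditMiddleware(&log, downstream)
	h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest("POST", "/servers", nil))
	return log
}

func main() { fmt.Println(RunDemo()) }
```

Both lines carry the same ID, so the downstream record can be joined to the HTTP audit event; had the ID been generated after `next` returned, the downstream line would carry an empty value.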

  • chore(deps): update anothrnick/github-tag-action action to v1.56.0

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | anothrNick/github-tag-action | action | minor | 1.55.0 -> 1.56.0 |


    Release Notes

    anothrNick/github-tag-action

    v1.56.0: Get the default branch from env vars also allow to overwrite as parameter

    This is a feature from a hotfix where we add the option to specify a default branch from parameters else we capture the default branch from the runner $GITHUB_BASE_REF var


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

  • fix(deps): update module github.com/gin-gonic/gin to v1.8.2

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/gin-gonic/gin | require | patch | v1.8.1 -> v1.8.2 |


    Release Notes

    gin-gonic/gin

    v1.8.2

    Bugs
    • fix(route): redirectSlash bug (https://togithub.com/gin-gonic/gin/pull/3227)
    • fix(engine): missing route params for CreateTestContext (https://togithub.com/gin-gonic/gin/pull/2778) (https://togithub.com/gin-gonic/gin/pull/2803)
    Security
    • Fix the GO-2022-1144 vulnerability (https://togithub.com/gin-gonic/gin/pull/3432)

  • deleting values.yaml file

    Desc:

    • It's not needed; we are not using any values from the "values.yaml" file, so we are removing it here.

    • Deleting old kube/scenarios as they are no longer required

  • Add release Makefile target

    Desc:

    • Updating helm-library to use latest audittail container whenever there is a release, this effectively does a release by doing e.g. TAG=v0.5.2 make release.

  • fix(deps): update module github.com/prometheus/common to v0.39.0

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/prometheus/common | require | minor | v0.38.0 -> v0.39.0 |


    Release Notes

    prometheus/common

    v0.39.0

    • [ENHANCEMENT] Add support for proxy connect headers. #409
    • [ENHANCEMENT] Add platform info to labels. #403

  • chore(deps): update anothrnick/github-tag-action action to v1.54.0

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | anothrNick/github-tag-action | action | minor | 1.52.0 -> 1.54.0 |


    Release Notes

    anothrNick/github-tag-action

    v1.54.0

    v1.53.0: Fixing repo tag bumps

    Fixes action versioning bumps. From bug introduced in 1.50


  • chore(deps): update actions/checkout action to v3

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | actions/checkout | action | major | v2 -> v3 |


    Release Notes

    actions/checkout

    v3


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

  • changed directory structure and added helm-release

    Desc: Whenever there is a change in the helm library chart pipeline will release the new version.

    • Changed directory structure(auditevent/charts/audittail)
    • Added helm-release.yml file

  • chore(deps): update hiberbee/github-action-helm action to v1.13.0 - autoclosed

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | hiberbee/github-action-helm | action | minor | 1.5.0 -> 1.13.0 |


    Release Notes

    hiberbee/github-action-helm

    v1.13.0

    Changed

    • Helm version bump to 3.9.0

    v1.12.0

    Changed

    • Updated Helmfile version to latest 0.144.0

    v1.11.0

    Changed

    • Versions bump

    v1.10.0

    Changed

    • Versions bump: helm 3.7.2 and helmfile 0.143.0

    v1.9.1

    Fixed

    • Wrong value argument positioning

    v1.9.0

    Added

    • Helmfile now can accept values as Github Action parameter

    v1.8.0

    Updated

    • Helmfile version bumped to 0.142.0
    • Helm version bumped to 3.7.1

    Changed

    • Helmfile & helm install output silenced by default, configurable

    v1.7.1

    Fixed

    • selectors argument issue

    v1.7.0

    Added

    • namespace argument introduced for helm & helmfile commands

    Fixed

    • selectors argument now properly resolved

    v1.6.0

    Changed

    • helmfile-command and helm-command now just helmfile and helm.

  • deleting charts folder from auditevent repo

    Desc:

    • I've copied the audittail helm chart library to a dedicated new repository under [metal-toolbox/k8s-audittail/], so deleting the charts folder here for clean up

    • Deleting CI pipeline jobs, i.e. helm-library-ci.yml and helm-release.yml

    • It's not needed; we are not using any values from the "values.yaml" file, so we are removing it here.

    • Updated the repository URL correctly in tests/kube_scenario/Chart.yaml

  • NewDefaultAuditEventWriter: Fix documentation

    The Go Doc for NewDefaultAuditEventWriter says:

    // AuditEventEncoderJSON is an encoder that encodes audit events
    // using a default JSON encoder.
    

    Is AuditEventEncoderJSON a typo in the documentation, or should that be the function's name? Is the function supposed to use a JSON encoder?

  • EventWriter: Document / decide what to do about blocking write operations

    While working on a project that uses this library, I implemented an Encoder that (accidentally) produced a deadlock. While write operations are usually considered non-blocking operations, there are exceptions such as writing to a FIFO pipe (by default the write blocks until a read occurs).

    In discussing the issue with @JAORMX, Ozz felt we should either support cancellation or document such cases in the auditevent library.
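
One way to bound a write to a sink that can block, such as the FIFO case described in this issue. This is an added example, not code from the auditevent library; `WriteContext`, `ErrAuditWriteTimeout` and the sample event are hypothetical, and `io.Pipe` stands in for a FIFO with no reader.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"time"
)

// ErrAuditWriteTimeout reports that the sink did not accept the event in time.
var ErrAuditWriteTimeout = errors.New("audit write timed out")

// WriteContext (hypothetical helper) writes p to w but gives up when ctx ends.
// On timeout the goroutine stays parked until the sink unblocks or is closed,
// and the event may still be delivered later, so callers must treat the event
// as "delivery unknown" rather than "not written".
func WriteContext(ctx context.Context, w io.Writer, p []byte) (int, error) {
	buf := append([]byte(nil), p...) // copy: caller may reuse p after return
	type result struct {
		n   int
		err error
	}
	done := make(chan result, 1) // buffered so the goroutine can always exit
	go func() {
		n, err := w.Write(buf)
		done <- result{n, err}
	}()
	select {
	case r := <-done:
		return r.n, r.err
	case <-ctx.Done():
		return 0, fmt.Errorf("%w: %v", ErrAuditWriteTimeout, ctx.Err())
	}
}

// Constructed sample event; not the library's actual wire format.
const sampleEvent = `{"type":"UserLogin","outcome":"succeeded"}` + "\n"

// WriteWithoutReader uses io.Pipe as a stand-in for a FIFO nobody reads.
func WriteWithoutReader(timeout time.Duration) error {
	pr, pw := io.Pipe()
	defer pr.Close() // releases the parked writer goroutine
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	_, err := WriteContext(ctx, pw, []byte(sampleEvent))
	return err
}

// WriteWithReader shows the normal path: a reader drains the pipe.
func WriteWithReader(timeout time.Duration) (string, error) {
	pr, pw := io.Pipe()
	got := make(chan []byte, 1)
	go func() { b, _ := io.ReadAll(pr); got <- b }()
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	_, err := WriteContext(ctx, pw, []byte(sampleEvent))
	pw.Close() // EOF for the reader
	return string(<-got), err
}
```

For an audit trail the timeout error should be surfaced to the caller and counted, since a request that proceeds after a failed audit write leaves a gap in the record.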

  • audittail: output error to designated file

    The audittail container uses stdout to flush the audit logs it's tailing. This is useful for containers as they'll get immediately picked up by a log forwarder. However, we don't necessarily want to pollute these logs.

    However, we still want to know if the audittail container had an error. Having a dedicated error file (that is not necessarily stderr) would be ideal for this. In cases where audittail is deployed in Kubernetes, it could be /dev/termination-log.

  • Dependency Dashboard

    This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

    This repository currently has no open or pending branches.

    Detected dependencies

    dockerfile
    images/audittail/Dockerfile
    • docker.io/library/golang 1.19
    github-actions
    .github/workflows/auto-tag.yml
    • actions/checkout v3
    • anothrNick/github-tag-action 1.56.0
    .github/workflows/codeql-analysis.yml
    • actions/checkout v3
    • github/codeql-action v2
    • github/codeql-action v2
    • github/codeql-action v2
    .github/workflows/dependency-review.yml
    • actions/checkout v3
    • actions/dependency-review-action v3
    .github/workflows/helm-library-ci.yml
    • actions/checkout v3
    • azure/setup-helm v3
    .github/workflows/helm-release.yml
    • actions/checkout v3
    • azure/setup-helm v3
    • helm/chart-releaser-action v1.4.1
    .github/workflows/release-latest.yml
    .github/workflows/release.yml
    • actions/checkout v3
    • softprops/action-gh-release v1
    .github/workflows/security.yml
    • actions/checkout v3
    • github/codeql-action v2
    • actions/checkout v3
    • anchore/scan-action v3
    • github/codeql-action v2
    .github/workflows/test.yml
    • actions/checkout v3
    • actions/setup-go v3
    • codecov/codecov-action v3
    • actions/checkout v3
    • docker/build-push-action v3
    • anchore/scan-action v3
    • github/codeql-action v2
    • actions/checkout v3
    • helm/kind-action v1.5.0
    • azure/setup-helm v3
    gomod
    go.mod
    • go 1.19
    • github.com/gin-gonic/gin v1.8.2
    • github.com/go-logr/logr v1.2.3
    • github.com/go-logr/zapr v1.2.3
    • github.com/google/uuid v1.3.0
    • github.com/prometheus/client_golang v1.14.0
    • github.com/prometheus/common v0.39.0
    • github.com/spf13/cobra v1.6.1
    • github.com/stretchr/testify v1.8.1
    • go.uber.org/zap v1.24.0
    • golang.org/x/sync v0.1.0

    • [ ] Check this box to trigger a request for Renovate to run again on this repository