The audit module is intended for logging:
-
User actions
-
Integration services
-
Authorizations, sessions, failed access attempts
-
Openjdk 11
-
PostgreSQL 12
-
Apache ActiveMQ
-
N2O Security Admin 4
-
Keycloak versions 3-10
-
Optional: Keycloak extension
-
Java 11
-
JDBC
-
JMS
-
Spring Boot 2.1
-
Apache CXF 3.3
-
Querydsl 4.2
-
Liquibase 3.6.2
-
N2O Platform 3
-
N2O UI Framework 7
-
Building jar files:
mvn -pl audit-service,audit-webapp clean package
-
application launch:
mvn -pl audit-webapp docker-compose:up -P docker-dev
-
Container stopover and removal:
mvn -pl audit-webapp docker-compose:down -P docker-dev
-
Builded docker images removal:
docker rmi audit_db audit_audit-service audit_audit-webapp
After executing docker-compose:up there will be three containers:
-
audit_db_1 db container, is available on localhost:8949
-
audit_audit-service_1 backend service, is available on localhost:8948
-
audit_audit-webapp_1 webapp service, is available on localhost:8947
At first keycloak event logging must be enabled.
Add this entries to application.properties:
-
Backend service URL
audit.service.url
-
Authentication service base address(for example http://localhost:8080/auth/realms/master/protocol/openid-connect)
audit.security.oauth2.auth-server-uri=
-
Authentication token retrieval service address(for example /token)
audit.security.oauth2.access-token-uri=
-
OAuth2 OpenId Connect client identifier
audit.security.oauth2.client-id=
-
OAuth2 OpenId Connect cient secret key
audit.security.oauth2.client-secret=
-
Realm address from which event logs will be received (for example http://localhost:8080/auth/admin/realms/master)
-
If keycloak extension is used, the URL should be overridden (for example, for http://localhost:8080/auth/realms/master the admin module is not used in this case)
-
audit.security.oauth2.events-url=
-
Enabling keycloak extension usage mode
audit.security.oauth2.use-events-extension=true #default false
-
Subsystem code is used as auditSourceApplication (for example security)
audit.security.oauth2.code=
-
Event logs schedule Cron expression from OAuth2 (if "-" or not specified the service will not be started)
audit.security.oauth2.events-schedule=
The service used as a dependency in backend service.
Audit-export exports records accordingly to the applied filtering in csv.
Export service URL
audit.export.url = #example http://localhost:8948/api/audit/export
-
Replacing null values with a given one
export.config.if-null-value = #default null
-
Date format
export.config.date-format = #default dd.MM.yyyy HH:mm:ss
-
Export file name
export.config.file-name = #default audit_export
-
Limit on receiving log lines, set "0" to ignore setting
export.query.limit-select-row = #default 0
-
JDBC fetch size
export.query.hint-fetch-size = #default 10
-
Values delimiter
export.csv.field-delimiter = #default
-
Show table headers in csv file
export.csv.print-field-name = #default true