Audit Logs

Let's talk about it

 

Before to start let think about:

  • Do we need to think about an Audit Strategy.?
  • Does the Audit process need to be configurable?
  • Does the Audit Logs need any Maintenance?
  • Which technicall Implementation is the correct ?

Possible discussion points

  • Define an Audit Strategy.
  • Audit Logs Configuration
  • Audit Logs Maintenance
  • Audit Logs Implementation

Define an Audit Strategy

  • What are we required to audit?
  • How long are we required to keep the audit data?
  • How much storage space do you have?
  • What is the purpose of the audited data
  • How critical is it that auditing happens?
  • Does it make sense have different type of logs? 

Identify areas to audit 

  • Audit Data changes
  • Audit Application
    • Logons
    • Define which data entities need to be audited
    • Audit configuration
    • Schema modification
    • Define Areas or actions which will generate a lot of not useful date

Audit Log Configuration

Really ?

Do we need do configurable Audit Logs ?

Audit Log Configuration

  • What are we required to audit?
  • How long are we required to keep the audit data?
  • How much storage space do you have?
  • What is the purpose of the audited data
  • How critical is it that auditing happens?

Audit Log Configuration

Different levels of logs configuration :

  • Debug/ Paranoiac mode: full trace used for hard debugging
    Full mode trace use for developers to trace as much as we want.
  • Medium:
    Reduce the number generated of traces to just trace the relevance information
  • Production:
    Define which will be the level of trace of the productions
  • Minimum:
    I this case we'll just log the the errors or exception to 

Audit Logs Maintenace

  • Recycling Logs
  • Restore logs?
  • What else?

Audit Logs Implementation

????? to do ....

Audit Logs Implementation

 

https://www.slideshare.net/JontheBeach/managing-your-black-friday-logs 

Audit Logs Implementation

What about any architecture pattern??

 

Do we need it?

Audit Logs Implementation

Implement an architecture to log the events using the pattern Event source   https://martinfowler.com/eaaDev/EventSourcing.html

Audit

By Jesús Estévez

Made with Slides.com

Audit

  • 759

More from Jesús Estévez