Ticket #1099 (new task)

Opened 9 years ago

[S] Extend logging to enable audit log to Database

Reported by: pjkersha
Owned by: pjkersha
Priority: desirable
Milestone: CMIP5 Security
Component: security
Version:
Keywords: security, logging
Cc:

Description

Add a database logger to NDG Security to enable access requests to be logged to a database. Integrate calls to it into the PDP (Policy Decision Point). This is to enable greater traceability of users and user activity given the change to federated access via ESG and OpenID accounts.

Implementation: extend logging class adding SQLAlchemy back end and add a new custom log level to enable e.g.

# args is evaluated as a Python tuple; sqlite://// (four slashes) is an absolute path
class = DatabaseHandler
args = ('sqlite:////usr/local/ndg-security/audit/user.db',)
level = AUDIT

and,

log.audit("Access to %r granted for user %r", resource, user)
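
A sketch of the handler and custom level the description proposes, added here as an example and not NDG Security's own code. It uses the standard-library sqlite3 module in place of the SQLAlchemy back end so that it runs without dependencies; the AUDIT value 25, the AuditLogger class, the audit_log schema and the sample resource and user are assumptions.

```python
import logging
import sqlite3

AUDIT = 25  # assumed value, between INFO (20) and WARNING (30)
logging.addLevelName(AUDIT, "AUDIT")


class AuditLogger(logging.Logger):
    """Logger offering the log.audit(...) call sketched in the ticket."""

    def audit(self, msg, *args, **kwargs):
        if self.isEnabledFor(AUDIT):
            self._log(AUDIT, msg, args, **kwargs)


class DatabaseHandler(logging.Handler):
    """Store each record in an audit_log table (hypothetical schema)."""

    def __init__(self, db_path, level=AUDIT):
        super().__init__(level)
        self.conn = sqlite3.connect(db_path, check_same_thread=False)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS audit_log ("
            "created REAL, logger TEXT, level TEXT, message TEXT)"
        )

    def emit(self, record):
        try:
            # Bound parameters: resource and user strings originate in
            # requests and must never be spliced into the SQL text.
            with self.conn:  # commits on success, rolls back on error
                self.conn.execute(
                    "INSERT INTO audit_log VALUES (?, ?, ?, ?)",
                    (record.created, record.name, record.levelname,
                     record.getMessage()),
                )
        except Exception:
            self.handleError(record)  # a logging failure must not break the PDP


def demo(db_path=":memory:"):
    """Log one INFO and one AUDIT record; return what the database holds."""
    log = AuditLogger("ndg.security.pdp")  # constructed logger name
    handler = DatabaseHandler(db_path)
    log.addHandler(handler)
    log.info("policy loaded")  # below AUDIT, so the handler skips it
    log.audit("Access to %r granted for user %r",  # constructed sample values
              "/data/cmip5/tas.nc", "https://openid.example.org/jdoe")
    return handler.conn.execute("SELECT level, message FROM audit_log").fetchall()
```
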