14.2.3. Audit log
14.2.3.1. Base class
- class edumfa.lib.auditmodules.base.Audit(config=None, startdate=None)
Create a new audit object.
- Parameters:
config (dict) – The web config is passed to the audit module, so that the special module implementation can get its configuration.
startdate (datetime) – The datetime of the beginning of the request
- Returns:
Audit object
- add_policy(policyname)
This method adds a triggered policyname to the list of triggered policies.
- Parameters:
policyname – A string or a list of strings as policynames
- Returns:
- add_to_log(param, add_with_comma=False)
Add to existing log entry.
- Parameters:
param
add_with_comma – If set to true, new values will be appended comma separated
- Returns:
- audit_entry_to_dict(audit_entry)
If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.
- property available_audit_columns
- csv_generator(param=None, user=None, timelimit=None)
A generator that can be used to stream the audit log
- Parameters:
param
- Returns:
- finalize_log()
This method is called to finalize the audit_data, i.e. sign the data and write it to the database. It should hash the data, do a hash chain and sign the data.
- get_count(search_dict, timedelta=None, success=None)
Returns the number of found log entries. E.g. used for checking the timelimit.
- Parameters:
param – List of filter parameters
- Returns:
number of found entries
- get_total(param, AND=True, display_error=True, timelimit=None)
This method returns the total number of audit entries in the audit store
- property has_data
- initialize_log(param)
This method initializes the log state. The fact that the log state was initialized also needs to be logged. Therefore the same parameters are passed as in the log method.
- is_readable = False
- log(param)
This method is used to log the data. During a request this method can be called several times to fill the internal audit_data dictionary.
Add new log details in param to the internal log data self.audit_data.
- Parameters:
param (dict) – Log data that is to be added
- Returns:
None
- log_token_num(count)
Log the number of the tokens. Can be passed like log_token_num(get_tokens(count=True))
- Parameters:
count (int) – Number of tokens
- Returns:
- read_keys(pub, priv)
Set the private and public key for the audit class. This is achieved by passing the values:
- Parameters:
pub (string with filename) – Public key, used for verifying the signature
priv (string with filename) – Private key, used to sign the audit entry
- Returns:
None
14.2.3.2. SQL Audit module
- class edumfa.lib.auditmodules.sqlaudit.Audit(config=None, startdate=None)
This is the SQLAudit module, which writes the audit entries to an SQL database table.
It requires the following configuration parameters in The Config File:
EDUMFA_AUDIT_KEY_PUBLIC
EDUMFA_AUDIT_KEY_PRIVATE
If you want to host the SQL Audit database in another DB than the token DB, you can use:
EDUMFA_AUDIT_SQL_URI and EDUMFA_AUDIT_SQL_OPTIONS
With EDUMFA_AUDIT_SQL_OPTIONS = {} you can pass options to the DB engine creation. If EDUMFA_AUDIT_SQL_OPTIONS is not set, SQLALCHEMY_ENGINE_OPTIONS will be used.
This module also takes the following optional parameters:
EDUMFA_AUDIT_POOL_SIZE
EDUMFA_AUDIT_POOL_RECYCLE
EDUMFA_AUDIT_SQL_TRUNCATE
EDUMFA_AUDIT_NO_SIGN
EDUMFA_CHECK_OLD_SIGNATURES
You can use EDUMFA_AUDIT_NO_SIGN = True to avoid signing of the audit log.
If EDUMFA_CHECK_OLD_SIGNATURES = True, old style signatures (text-book RSA) will be checked as well, otherwise they will be marked as FAIL.
Create a new audit object.
- Parameters:
config (dict) – The web config is passed to the audit module, so that the special module implementation can get its configuration.
startdate (datetime) – The datetime of the beginning of the request
- Returns:
Audit object
- audit_entry_to_dict(audit_entry)
If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.
- clear()
Deletes all entries in the database table. This is only used for test cases!
- csv_generator(param=None, user=None, timelimit=None)
Returns the audit log as a CSV file.
- Parameters:
timelimit (datetime.timedelta) – Limit the number of dumped entries by time
param (dict) – The request parameters
user – The user, who issued the request
- Returns:
None. It yields results as a generator
- finalize_log()
This method is used to log the data. It should hash the data, do a hash chain and sign the data.
- get_count(search_dict, timedelta=None, success=None)
Returns the number of found log entries. E.g. used for checking the timelimit.
- Parameters:
param – List of filter parameters
- Returns:
number of found entries
- get_total(param, AND=True, display_error=True, timelimit=None)
This method returns the total number of audit entries in the audit store
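
What finalize_log is described as doing in both classes (hash the data, do a hash chain, sign the data), sketched as an added example that is not eduMFA's own code. An HMAC with a constructed key stands in for the private-key signature, and the names finalize, verify, digest and sign are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key; an HMAC stands in for the private-key signature.
DEMO_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # chain anchor used as "previous hash" of the first entry


def digest(entry, prev_hash):
    """Hash the canonical entry together with the previous entry's hash."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def sign(chain_hash, key):
    return hmac.new(key, chain_hash.encode(), hashlib.sha256).hexdigest()


def finalize(store, entry, key=DEMO_KEY):
    """Append the entry to the store with its chain hash and signature."""
    prev_hash = store[-1]["chain_hash"] if store else GENESIS
    chain_hash = digest(entry, prev_hash)
    store.append({"entry": dict(entry), "chain_hash": chain_hash,
                  "signature": sign(chain_hash, key)})


def verify(store, key=DEMO_KEY):
    """Return one 'OK' or 'FAIL' verdict per stored row."""
    verdicts, prev_hash = [], GENESIS
    for row in store:
        expected = digest(row["entry"], prev_hash)
        ok = (hmac.compare_digest(expected, row["chain_hash"])
              and hmac.compare_digest(sign(expected, key), row["signature"]))
        verdicts.append("OK" if ok else "FAIL")
        prev_hash = row["chain_hash"]  # continue from the stored value
    return verdicts


def demo():
    """Constructed sample: three audit entries, then two kinds of tampering."""
    store = []
    for n, action in enumerate(["POST /auth", "POST /token/init", "DELETE /token"]):
        finalize(store, {"id": n, "action": action, "success": True})
    clean = verify(store)
    edited = [dict(r, entry=dict(r["entry"])) for r in store]
    edited[1]["entry"]["success"] = False  # field changed after the fact
    deleted = store[:1] + store[2:]        # middle row removed
    return clean, verify(edited), verify(deleted)
```

An edited row fails its own check, while a deleted row shows up as a failure on the row that followed it, because that row's hash was computed over a predecessor that is no longer there.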