14.2.3. Audit log

14.2.3.1. Base class

class edumfa.lib.auditmodules.base.Audit(config=None, startdate=None)[source]

Create a new audit object.

Parameters:
  • config (dict) – The web config is passed to the audit module, so that the special module implementation can get its configuration.

  • startdate (datetime) – The datetime of the beginning of the request

Returns:

Audit object

add_policy(policyname)[source]

This method adds a triggered policyname to the list of triggered policies.

Parameters:

policyname – A string or a list of strings as policynames

Returns:

add_to_log(param, add_with_comma=False)[source]

Add to existing log entry.

Parameters:
  • param (dict) – Log data whose values are added to the existing entry

  • add_with_comma – If set to true, new values are appended to the existing value, comma separated, instead of replacing it

Returns:

audit_entry_to_dict(audit_entry)[source]

If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.

property available_audit_columns

csv_generator(param=None, user=None, timelimit=None)[source]

A generator that can be used to stream the audit log

Parameters:

param (dict) – The request parameters

Returns:

finalize_log()[source]

This method is called at the end of a request to finalize the audit_data: it hashes the entry, links it to the previous entry in a hash chain, signs it and writes it to the audit store.

get_audit_id()[source]

get_count(search_dict, timedelta=None, success=None)[source]

Returns the number of found log entries. E.g. used for checking the timelimit.

Parameters:
  • search_dict (dict) – Filter parameters

  • timedelta (datetime.timedelta) – Only count entries newer than this timedelta

  • success – If given, only count entries with this success value

Returns:

number of found entries

get_total(param, AND=True, display_error=True, timelimit=None)[source]

This method returns the total number of audit entries in the audit store

property has_data

initialize_log(param)[source]

This method initializes the log state. The fact that the log state was initialized also needs to be logged, therefore the same parameters are passed as in the log method.

is_readable = False

log(param)[source]

This method is used to log the data. During a request this method can be called several times to fill the internal audit_data dictionary.

Add new log details in param to the internal log data self.audit_data.

Parameters:

param (dict) – Log data that is to be added

Returns:

None

log_token_num(count)[source]

Log the number of the tokens. Can be passed like log_token_num(get_tokens(count=True))

Parameters:

count (int) – Number of tokens

Returns:

read_keys(pub, priv)[source]

Set the private and public key for the audit class. The keys are passed as the file names of the key files:

Parameters:
  • pub (string with filename) – Public key, used for verifying the signature

  • priv (string with filename) – Private key, used to sign the audit entry

Returns:

None

search(search_dict, page_size=15, page=1, sortorder='asc', timelimit=None)[source]

This function is used to search audit events.

Parameters:

search_dict (dict) – Search parameters

Returns:

A pagination object

search_query(search_dict, page_size=15, page=1, sortorder='asc', sortname='number', timelimit=None)[source]

This function returns the audit log as an iterator on the result
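
The lifecycle described above (log() and add_policy() fill audit_data during a request, finalize_log() hashes, chains and signs the entry) is easiest to see in a small stand-alone module. The following is an added example, not eduMFA's code: an in-memory audit store with the same method names, using HMAC-SHA256 with a shared key in place of the RSA key pair that read_keys() would load, and a JSON canonical form, GENESIS value and field set that are assumptions of this example. It also shows what signing and chaining buy you: editing or deleting a stored entry makes verification report FAIL for the touched entry and for the entry that follows it.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first entry (this example's convention, not eduMFA's)


class MemoryAudit:
    """In-memory stand-in for an eduMFA audit module (added example, not project code)."""

    def __init__(self, key, startdate=None):
        self.key = key                       # HMAC key standing in for the RSA private key
        self.startdate = startdate or datetime.now(timezone.utc)
        self.audit_data = {"policies": []}   # collected during one request
        self.entries = []                    # plays the role of the audit table

    def log(self, param):
        """Merge request details into the pending entry; may be called repeatedly."""
        self.audit_data.update(param)

    def add_to_log(self, param, add_with_comma=False):
        """Append to existing fields, comma-separated if requested."""
        for key, value in param.items():
            old = self.audit_data.get(key)
            self.audit_data[key] = f"{old},{value}" if add_with_comma and old else value

    def add_policy(self, policyname):
        """Record one or several triggered policy names without duplicates."""
        names = [policyname] if isinstance(policyname, str) else policyname
        for name in names:
            if name not in self.audit_data["policies"]:
                self.audit_data["policies"].append(name)

    def finalize_log(self):
        """Hash-chain and sign the pending entry, then store it and reset audit_data."""
        entry = dict(self.audit_data)
        entry["number"] = len(self.entries) + 1
        entry["date"] = self.startdate.isoformat()
        entry["policies"] = ",".join(entry["policies"])
        entry["prev_hash"] = self.entries[-1]["hash"] if self.entries else GENESIS
        entry["hash"] = entry_hash(entry)            # commits to prev_hash, so entries chain
        entry["signature"] = sign(self.key, entry["hash"])
        self.entries.append(entry)
        self.audit_data = {"policies": []}
        return entry


def canonical(entry):
    """Deterministic serialisation of every field except hash and signature."""
    body = {k: v for k, v in entry.items() if k not in ("hash", "signature")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(entry):
    return hashlib.sha256(canonical(entry)).hexdigest()


def sign(key, digest_hex):
    return hmac.new(key, digest_hex.encode(), hashlib.sha256).hexdigest()


def verify(entries, key):
    """Return 'OK' or 'FAIL' per entry: stored hash, signature and chain link must all hold."""
    results = []
    prev_hash = GENESIS
    for entry in entries:
        recomputed = entry_hash(entry)
        hash_ok = recomputed == entry["hash"]
        sig_ok = hmac.compare_digest(sign(key, recomputed), entry["signature"])
        chain_ok = entry["prev_hash"] == prev_hash
        results.append("OK" if hash_ok and sig_ok and chain_ok else "FAIL")
        prev_hash = recomputed   # link against the recomputed hash so an edit breaks the next link
    return results


def demo():
    """Three constructed /validate/check requests, then an edit and a deletion of stored rows."""
    key = b"constructed-demo-key"
    audit = MemoryAudit(key)
    for user, ok in (("alice", True), ("bob", False), ("carol", True)):
        audit.log({"action": "/validate/check", "user": user, "realm": "demo"})
        audit.add_policy(["passthru", "otppin"] if ok else "passthru")
        audit.add_to_log({"info": "otp accepted" if ok else "wrong otp"})
        audit.log({"success": ok})
        audit.finalize_log()
    clean = verify(audit.entries, key)                              # ['OK', 'OK', 'OK']
    tampered = [dict(e) for e in audit.entries]
    tampered[1]["success"] = True                                   # rewrite bob's failure in the store
    edited = verify(tampered, key)                                  # ['OK', 'FAIL', 'FAIL']
    deleted = verify(audit.entries[:1] + audit.entries[2:], key)    # ['OK', 'FAIL']
    return clean, edited, deleted


if __name__ == "__main__":
    print(demo())
```

Two details carry the security property: verify() links each entry to the recomputed hash of its predecessor, not to the stored one, so a tampered row also breaks the next row's link, and a deleted row leaves its successor pointing at a hash that no longer exists in the sequence. With a real asymmetric key pair, as in the SQL module, the verifier needs only the public key, so a reader of the log cannot forge entries.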

14.2.3.2. SQL Audit module

class edumfa.lib.auditmodules.sqlaudit.Audit(config=None, startdate=None)[source]

This is the SQLAudit module, which writes the audit entries to an SQL database table.

It requires the following configuration parameters in The Config File:

  • EDUMFA_AUDIT_KEY_PUBLIC

  • EDUMFA_AUDIT_KEY_PRIVATE

If you want to host the SQL Audit database in another DB than the token DB, you can use:

  • EDUMFA_AUDIT_SQL_URI and

  • EDUMFA_AUDIT_SQL_OPTIONS

With EDUMFA_AUDIT_SQL_OPTIONS = {} you can pass options to the DB engine creation. If EDUMFA_AUDIT_SQL_OPTIONS is not set, SQLALCHEMY_ENGINE_OPTIONS is used.

This module also takes the following optional parameters:

  • EDUMFA_AUDIT_POOL_SIZE

  • EDUMFA_AUDIT_POOL_RECYCLE

  • EDUMFA_AUDIT_SQL_TRUNCATE

  • EDUMFA_AUDIT_NO_SIGN

  • EDUMFA_CHECK_OLD_SIGNATURES

You can use EDUMFA_AUDIT_NO_SIGN = True to disable signing of the audit log. Entries written without a signature cannot later be checked for tampering.

If EDUMFA_CHECK_OLD_SIGNATURES = True, old-style signatures (textbook RSA) are verified as well; otherwise entries carrying them are marked as FAIL.
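
The settings above, as an added configuration example (not taken from the project's documentation): the config file is a Python module, so the weak setting and the recommended one can sit side by side. The file path, key paths, database URI and the meaning attributed to EDUMFA_AUDIT_SQL_TRUNCATE are assumptions of this example.

```python
# Audit section of an eduMFA config file (path such as /etc/edumfa/edumfa.cfg assumed).
# Added example, not project documentation; all values are placeholders.

# Weak: with signing disabled, rows in the audit table can be edited or deleted
# without the signature check ever flagging them.
# EDUMFA_AUDIT_NO_SIGN = True

# Recommended: sign every entry with an RSA key pair.  A pair can be created with
#   openssl genrsa -out /etc/edumfa/private.pem 4096
#   openssl rsa -in /etc/edumfa/private.pem -pubout -out /etc/edumfa/public.pem
# The private key must be readable only by the service user; the public key is
# all that verification needs.
EDUMFA_AUDIT_KEY_PRIVATE = "/etc/edumfa/private.pem"
EDUMFA_AUDIT_KEY_PUBLIC = "/etc/edumfa/public.pem"
EDUMFA_AUDIT_NO_SIGN = False

# Reject old-style (textbook RSA) signatures; they show up as FAIL.  Set to True
# only while entries from an older installation still need to verify.
EDUMFA_CHECK_OLD_SIGNATURES = False

# Keep the audit trail in its own database with its own credentials, separate from
# the token database in SQLALCHEMY_DATABASE_URI.
EDUMFA_AUDIT_SQL_URI = "postgresql://edumfa_audit:change-me@db.example.internal/edumfa_audit"
# Engine options for the audit connection (SQLAlchemy create_engine keyword arguments);
# pool_pre_ping drops dead pooled connections instead of failing the audit write.
EDUMFA_AUDIT_SQL_OPTIONS = {"pool_pre_ping": True}
EDUMFA_AUDIT_POOL_SIZE = 20
EDUMFA_AUDIT_POOL_RECYCLE = 600
# Assumed to truncate over-long field values to the column width rather than
# failing the write.
EDUMFA_AUDIT_SQL_TRUNCATE = True
```

Keep EDUMFA_AUDIT_NO_SIGN commented out or False in production; the only legitimate reason to disable signing is a test setup, and then the resulting log should not be relied on as evidence.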

Create a new audit object.

Parameters:
  • config (dict) – The web config is passed to the audit module, so that the special module implementation can get its configuration.

  • startdate (datetime) – The datetime of the beginning of the request

Returns:

Audit object

audit_entry_to_dict(audit_entry)[source]

If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.

clear()[source]

Deletes all entries in the database table. This is only used for test cases!

csv_generator(param=None, user=None, timelimit=None)[source]

Returns the audit log as csv file.

Parameters:
  • timelimit (datetime.timedelta) – Limit the number of dumped entries by time

  • param (dict) – The request parameters

  • user – The user, who issued the request

Returns:

None. It yields results as a generator

finalize_log()[source]

This method writes the collected audit_data to the database. It should hash the data, chain it to the previous entry and sign the data.

get_count(search_dict, timedelta=None, success=None)[source]

Returns the number of found log entries. E.g. used for checking the timelimit.

Parameters:
  • search_dict (dict) – Filter parameters

  • timedelta (datetime.timedelta) – Only count entries newer than this timedelta

  • success – If given, only count entries with this success value

Returns:

number of found entries

get_total(param, AND=True, display_error=True, timelimit=None)[source]

This method returns the total number of audit entries in the audit store

search(search_dict, page_size=15, page=1, sortorder='asc', timelimit=None)[source]

This function returns the audit log as a Pagination object.

Parameters:

timelimit (timedelta) – Only audit entries newer than this timedelta will be searched

search_query(search_dict, page_size=15, page=1, sortorder='asc', sortname='number', timelimit=None)[source]

This function returns the audit log as an iterator on the result

Parameters:

timelimit (timedelta) – Only audit entries newer than this timedelta will be searched