Do you know any good Java library for audit logging? Or at least a good book/article to help choose a good approach to build an audit log for an application?
Library requirements:
- define common audit metadata (userId, time, IP, ...)
- define audit message types (transaction sent, message received, ...)
- lock/sign individual audit messages (for non-repudiation)
- search audit log based on metadata
- etc.
Edit:
I'm not looking for an automated solution; I'm perfectly happy with calling something like:

    AuditEvent event = new TransactionSentEvent(userId, account, amount, ...);
    AuditLog.audit(event);

The point is to have the infrastructure behind it: safe storage to a database, non-repudiation, etc.
i) Restrict the access level of configuration and program-level resources.
ii) Apply the principle of Secure Default.
iv) While processing, do not save sensitive information on the file system of the server.
v) Ensure server time is synchronized.
An audit trail should include the information needed to establish what events occurred and what person or system caused them. That event record would then specify when it happened, the user ID associated with it, the program or command that initiated the event, and the result.
So, if you are looking for a framework, you could try logback-audit. It is by the folks who are behind the Java logging library, logback.
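One way to get the per-message signing the question asks for, as an added example (not from the original posts and not logback-audit's API): each entry is signed with ECDSA over the event plus the hash of the previous entry, so in-place edits, insertions and reordering show up on verification. All class, record and field names are hypothetical, the sample events are constructed, and Java 17+ is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;

public class SignedAuditLog {
    record AuditEvent(String type, String userId, String ip, Instant time, String detail) { // hypothetical layout
        String canonical() { // length-prefixed so adjacent field values cannot be confused
            StringBuilder sb = new StringBuilder();
            for (String f : List.of(type, userId, ip, time.toString(), detail)) sb.append(f.length()).append(':').append(f);
            return sb.toString();
        }
    }
    record Entry(AuditEvent event, byte[] prevHash, byte[] signature) {
        byte[] signedBytes() { // what the signature covers: link to the predecessor plus the event
            return (HexFormat.of().formatHex(prevHash) + event.canonical()).getBytes(StandardCharsets.UTF_8);
        }
        byte[] hash() throws GeneralSecurityException { return MessageDigest.getInstance("SHA-256").digest(signedBytes()); }
    }
    final List<Entry> entries = new ArrayList<>();
    void audit(AuditEvent e, PrivateKey key) throws GeneralSecurityException {
        byte[] prev = entries.isEmpty() ? new byte[32] : entries.get(entries.size() - 1).hash();
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(new Entry(e, prev, null).signedBytes());
        entries.add(new Entry(e, prev, s.sign()));
    }
    int verify(PublicKey key) throws GeneralSecurityException { // index of first bad entry, or -1 if intact
        byte[] expected = new byte[32];
        for (int i = 0; i < entries.size(); i++) {
            Entry en = entries.get(i);
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(key);
            s.update(en.signedBytes());
            if (!Arrays.equals(en.prevHash(), expected) || !s.verify(en.signature())) return i;
            expected = en.hash();
        }
        return -1;
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("EC").generateKeyPair(); // demo key; real keys belong in an HSM/KMS
        SignedAuditLog log = new SignedAuditLog();
        log.audit(new AuditEvent("TransactionSent", "u42", "192.0.2.10", Instant.now(), "amount=100"), kp.getPrivate());
        log.audit(new AuditEvent("MessageReceived", "u42", "192.0.2.10", Instant.now(), "id=7"), kp.getPrivate());
        System.out.println("before tampering: " + log.verify(kp.getPublic()));
        Entry e0 = log.entries.get(0); // constructed tampering: change the amount, keep the old signature
        log.entries.set(0, new Entry(new AuditEvent("TransactionSent", "u42", "192.0.2.10", e0.event().time(), "amount=1"), e0.prevHash(), e0.signature()));
        System.out.println("after tampering: " + log.verify(kp.getPublic()));
    }
}
```

Removing entries from the tail of the list is not detected by this check alone; that requires recording the latest entry hash somewhere the log writer cannot modify.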