Symfony 2.7 application audit trail - Best practicies

Question

I have a large multi-tenanted Symfony2 application using doctrine and around 40 to 50 database tables in MySQL.

Has anybody had experience setting up an audit logging process for, at a minimum, tracking all Doctrine actions that create, edit or delete data in a large application?

Ideally it should "just happen" so that other developer don't need to worry about making their new entities or code "loggable".

I don't have specific requirements to meet (HIPAA etc) but it would be nice to be as close to any ISO27000 best practices as I can be.

My inital plan is to look at using some of the Doctrine lifecycle callbacks to grab the information and push it off into a a seperate MySQL database with no DELETE or UPDATE permissions. I'm concerned this method might have a big performance impact.

Has anybody done this before or anything similar that has any tips or words of warning abot my planned approach?

If it matters the whole stack is running on AWS and I can use any of their services in the EU-WEST-1 region. I am already using things like RDS, Elasticache and SQS.

Thanks!

Answer 1

OroPlatform is built in Symfony 2.8 and has a bundle called OroDataAuditBundle that audits all Doctrine entity operations (create, update, delete) at a deep level in just two tables: oro_audit and oro_audit_field.

And it looks like that in the UI:

You will not probably be able to use this bundle in your project - since it is built for OroPlatform - but, you could at least get some inspiration from their architecture.

If you want to check this audit system working, they have an online demo in https://demo.orocrm.com. Just log in as administrator and play around creating entries, and then you will be able to check all audit entries in https://demo.orocrm.com/audit.