[Config] Update 'Audit log' to using a new config (#3983)

* Updated and restructured Audit module page * Documented new audit log fields - uuid, severity * Added a new Severity level subsection to Custom events section (with examples) * Added audit_log reference section: - audit_log.extract_key, audit_log.spaces - new options - other options are moved from the box.cfg reference * Fixed typo in the tt search description Fixes #3667 Fixes tarantool/enterprise_doc#258 Fixes tarantool/enterprise_doc#257 Fixes tarantool/enterprise_doc#221 Fixes tarantool/enterprise_doc#248
tarantool · Feb 8, 2024 · 4b018aa · 4b018aa
1 parent 14909d2
commit 4b018aa
Show file tree

Hide file tree

Showing 10 changed files with 852 additions and 477 deletions.
diff --git a/doc/code_snippets/snippets/config/instances.enabled/audit_log/config.yaml b/doc/code_snippets/snippets/config/instances.enabled/audit_log/config.yaml
@@ -0,0 +1,17 @@
+audit_log:
+  to: file
+  file: 'audit_tarantool.log'
+  filter: [ user_create,data_operations,ddl,custom ]
+  format: json
+  spaces: [ bands ]
+  extract_key: true
+
+groups:
+  group001:
+    replicasets:
+      replicaset001:
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3301'
diff --git a/doc/code_snippets/snippets/config/instances.enabled/audit_log/instances.yml b/doc/code_snippets/snippets/config/instances.enabled/audit_log/instances.yml
@@ -0,0 +1 @@
+instance001:
diff --git a/doc/code_snippets/snippets/config/instances.enabled/audit_log/myapp.lua b/doc/code_snippets/snippets/config/instances.enabled/audit_log/myapp.lua
@@ -0,0 +1,51 @@
+-- myapp.lua --
+
+-- Create space
+function create_space()
+    box.schema.space.create('bands')
+    box.space.bands:format({
+        { name = 'id', type = 'unsigned' },
+        { name = 'band_name', type = 'string' },
+        { name = 'year', type = 'unsigned' }
+    })
+    box.space.bands:create_index('primary', { type = "tree", parts = { 'id' } })
+    box.space.bands:create_index('secondary', { type = "tree", parts = { 'band_name' } })
+    box.schema.user.grant('guest', 'read,write,execute', 'universe')
+end
+-- Insert data
+function load_data()
+    box.space.bands:insert { 1, 'Roxette', 1986 }
+    box.space.bands:insert { 2, 'Scorpions', 1965 }
+end
+
+local audit = require('audit')
+-- Log message string
+audit.log('Hello, Alice!')
+-- Log format string and arguments
+audit.log('Hello, %s!', 'Bob')
+-- Log table with audit log field values
+audit.log({ type = 'custom_hello', description = 'Hello, World!' })
+audit.log({ type = 'custom_farewell', user = 'eve', module = 'custom', description = 'Farewell, Eve!' })
+-- Create a new log module
+local my_audit = audit.new({ type = 'custom_hello', module = 'my_module' })
+my_audit:log('Hello, Alice!')
+my_audit:log({ tag = 'admin', description = 'Hello, Bob!' })
+
+-- Log 'Hello!' message with the VERBOSE severity level
+audit.log({ severity = 'VERBOSE', description = 'Hello!' })
+
+-- Log 'Hello!' message with a shortcut helper function
+audit.verbose('Hello!')
+
+-- Like audit.log(), a shortcut helper function accepts a table of options
+audit.verbose({ description = 'Hello!' })
+
+-- Severity levels are available for custom loggers
+local my_logger = audit.new({ module = 'my_module' })
+my_logger:log({ severity = 'ALARM', description = 'Alarm' })
+my_logger:alarm('Alarm')
+
+-- Overwrite session_type and remote fields
+audit.log({ type = 'custom_hello', description = 'Hello!',
+            session_type = 'my_session', remote = 'my_remote' })
+-- End
diff --git a/doc/code_snippets/snippets/config/instances.enabled/audit_log_pipe/config.yaml b/doc/code_snippets/snippets/config/instances.enabled/audit_log_pipe/config.yaml
@@ -0,0 +1,13 @@
+audit_log:
+  to: pipe
+  pipe: '| cronolog audit_tarantool.log'
+
+groups:
+  group001:
+    replicasets:
+      replicaset001:
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3301'
diff --git a/doc/code_snippets/snippets/config/instances.enabled/audit_log_pipe/instances.yml b/doc/code_snippets/snippets/config/instances.enabled/audit_log_pipe/instances.yml
@@ -0,0 +1 @@
+instance001:
diff --git a/doc/code_snippets/snippets/config/instances.enabled/audit_log_syslog/config.yaml b/doc/code_snippets/snippets/config/instances.enabled/audit_log_syslog/config.yaml
@@ -0,0 +1,20 @@
+audit_log:
+  to: syslog
+  syslog_server: 'unix:/dev/log'
+  syslog_facility: 'user'
+  syslog_identity: 'tarantool'
+  filter: 'audit,auth,priv,password_change,access_denied'
+  extract_key: false
+
+groups:
+  group001:
+    iproto:
+      listen:
+      - uri: '127.0.0.1:3301'
+    replicasets:
+      replicaset001:
+        instances:
+          instance001:
+            iproto:
+              listen:
+              - uri: '127.0.0.1:3301'
diff --git a/doc/code_snippets/snippets/config/instances.enabled/audit_log_syslog/instances.yml b/doc/code_snippets/snippets/config/instances.enabled/audit_log_syslog/instances.yml
@@ -0,0 +1 @@
+instance001: