Add support for JSON logging for audit events (!22471) · Merge requests · GitLab.org / GitLab FOSS

Stan Hu requested to merge sh-add-audit-logging-json-ce into master Oct 18, 2018

This will add audit_json.log that writes one line per audit event. Why?

This makes it easier for customers to ship these logs to tools such as Elasticsearch, Splunk, BigQuery, RedShift for analysis
Removes an immediate need to add an API for audit events, export to CSV, and provide more UI tools for querying
Punts on database schema/management that we need in general for audit logs

Logs will automatically be rotated in Omnibus. Each event is generated in the format such as the following:

{
    "severity":"INFO",
    "time":"2018-10-17T17:38:22.523Z",
    "author_id":3,
    "entity_id":2,
    "entity_type":"Project",
    "change":"visibility",
    "from":"Private",
    "to":"Public",
    "author_name":"John Doe4",
    "target_id":2,
    "target_type":"Project",
    "target_details":"namespace2/project2"
}

EE port: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/7978

Edited Oct 29, 2021 by 🤖 GitLab Bot 🤖

Admin message

Add support for JSON logging for audit events

Merge request reports