9

I have a web application, and I would like to audit most of the users' actions on the application, for example login, insertion to db, update to db, fired exceptions, etc.

One of my seniors suggested using a queue for faster performance, so you just enqueue an event and it is then processed automatically without having to wait for it to be processed.

What are your suggestions? How should I process them? Enqueueing them is no problem, but I'm not sure how they will be processed then without anybody calling a method.

I am using C# with .NET 4.0

ccellar
Ryan S
  • Do you really need audit functionality or just logging? – ccellar Aug 02 '11 at 12:41
  • @ccellar I need to log the things in a file, and I also need to store them in the database. I will be logging what was changed, what was inserted, when an exception was fired, etc – Ryan S Aug 02 '11 at 12:46

5 Answers

12

I've been working on a library that can probably help.

Audit.NET and its extensions to audit different systems (WCF, MVC, WebApi, EF) and store logs in different data storages (SQL, MongoDB, DocumentDB, File, EventLog) will give you the flexibility to configure what you want to audit and where you want to store the audit logs.

thepirat000
  • 1
    I love this framework but I don't quite get where it logs to. I'm using the Audit.NET and I've decorated my action with the AuditApi attribute. Where can I find the log? @thepirat000 – Fortune Jun 01 '18 at 10:29
  • You decide whether to store/send the logs, via _Data Providers_, take a look at the documentation [here](https://github.com/thepirat000/Audit.NET#data-providers). By default if no data provider is configured, it will log to json files on the file system on the execution folder. You can configure it via `Audit.Core.Configuration.Setup().UseXXXX(...)` – thepirat000 Jun 02 '18 at 01:04
  • Worked perfectly! However, it also logs passwords in plain string. How can this be configured to mask sensitive data? – Fortune Jun 03 '18 at 12:56
  • 1
    One option is to set up a [Custom Action](https://github.com/thepirat000/Audit.NET#custom-actions) that executes before the event saving, so you can modify the final event to be saved. Another option is to create a [custom data provider](https://github.com/thepirat000/Audit.NET#data-providers) and have the mask logic there. – thepirat000 Jun 03 '18 at 19:35
  • Super reduced example of an Audit Action On Event Saving: `Audit.Core.Configuration.AddCustomAction(ActionType.OnEventSaving, e => { e.Event.GetWebApiAuditAction().ActionParameters["Password"] = "****"; });` – thepirat000 Jun 03 '18 at 19:56
  • This worked just as I expected. Thank you very much. – Fortune Jun 04 '18 at 16:52
  • Hi @thepirat000 I am using an asp.net core project and want to log in SQL. Please let me know which projects I need to add to my project. Or can I use it directly? If yes, in the Program.cs or Startup.cs file? Or somewhere else? – Bharat Bhushan Jan 17 '20 at 11:46
  • You could reference the packages [`Audit.WebApi.Core`](https://github.com/thepirat000/Audit.NET/blob/master/src/Audit.WebApi/README.md) to generate the audit events for Asp.Net Core and [`Audit.NET.SqlServer`](https://github.com/thepirat000/Audit.NET/blob/master/src/Audit.NET.SqlServer/README.md) to store the events on a SQL server. – thepirat000 Jan 17 '20 at 15:38
  • Do I need to create own configurator and providers? Or can direct implements in built? – Bharat Bhushan Jan 18 '20 at 01:20
  • @thepirat000 I need to audit stored procedure DML changes. I tried via the audit.net EF Core extension, but it seems not to be possible, since the audit.net library intercepts the SaveChanges method and SaveChanges is not called when we execute a stored procedure using EF Core. I need to log every change in the database via CUD/stored procedure. Also I need to audit ADO.NET DML statements. I am using .NET Core and SQL Server. Can you please suggest an approach using the audit.net library or any other library? It will be very helpful. – Ashish Kumar Jaryal Jan 08 '21 at 10:56
  • I have also raised a separate question for this. Please let me know if you need more details. https://stackoverflow.com/questions/65626192/is-there-any-way-to-audit-ado-net-calls-to-the-database-specially-stored-procedu?noredirect=1#comment116029359_65626192 – Ashish Kumar Jaryal Jan 08 '21 at 10:56
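
The password masking discussed in the comments above, generalised to several key names and nested values, as an added example that is not from the thread or from Audit.NET. `AuditRedactor`, its deny-list and the sample parameters are assumptions; it expects the parameters as a name-to-value dictionary, the way `ActionParameters` is indexed above, and can be called from the `OnEventSaving` custom action.

```csharp
using System;
using System.Collections.Generic;

// Added example; AuditRedactor is a hypothetical helper, not part of Audit.NET.
public static class AuditRedactor
{
    // Assumed deny-list; extend it with the parameter names your application uses.
    private static readonly HashSet<string> SensitiveKeys =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "password", "newPassword", "confirmPassword", "token", "secret" };

    // Masks sensitive values in place, descending into nested dictionaries.
    // Values of other types (for example typed model objects) are left untouched.
    public static void Mask(IDictionary<string, object> parameters)
    {
        if (parameters == null) return;
        // Iterate over a copy of the keys because entries are replaced during the loop.
        foreach (string key in new List<string>(parameters.Keys))
        {
            if (SensitiveKeys.Contains(key))
                parameters[key] = "****";
            else
                Mask(parameters[key] as IDictionary<string, object>);
        }
    }

    public static void Main()
    {
        // Constructed sample of what a login action's parameters could look like.
        var model = new Dictionary<string, object>
        {
            { "NewPassword", "s3cret" },
            { "Email", "alice@example.com" }
        };
        var p = new Dictionary<string, object>
        {
            { "UserName", "alice" },
            { "Password", "hunter2" },
            { "model", model }
        };
        Mask(p);
        Console.WriteLine("{0} {1} {2}", p["UserName"], p["Password"], model["NewPassword"]);
    }
}
```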
8

I would simply recommend an off the shelf logging framework that is stable and supported. Have you considered a logging framework, like log4net?

You could write a custom appender for logging into MSMQ if you'd like.

Armbrat
  • I have not considered it because it is not an option, I basically need to build an auditing framework which will be used for this application, and all future ones – Ryan S Aug 02 '11 at 12:35
  • @Ryan don't reinvent the wheel. Mature logging frameworks like NLog or log4net can be used as base for your task – ccellar Aug 02 '11 at 12:48
  • @Armbrat - Thanks I'm looking at log4net too, at first I thought you were referring to log4j and was puzzled because that's for Java – Ryan S Aug 02 '11 at 12:51
  • @Ryan - No man, log4j is for java, log4net is for .NET. NLog is good too. Just pick any that you feel comfortable with. My preference is log4net, but that's only because I've used it for so long. – Armbrat Aug 02 '11 at 12:54
  • @Armbrat - Sorry, I realized later after I was reading more about it, in fact I edited my message. Thanks for your feedback. – Ryan S Aug 02 '11 at 12:56
3

An alternative logger is called TracerX. It is written in C# and fast and flexible. Because the source code is available it means you can modify it as you wish to suit your needs. It comes with a viewer that allows for filtering the output.

https://github.com/MarkLTX/TracerX and an article on how to use it:

http://www.codeproject.com/KB/dotnet/TracerX.aspx

Deilan
ScruffyDuck
2

Two topics of interest actually:

  • Asynchronous logging
  • Aspect Oriented Features

Asynchronous logging may speed up heavy processing 100-fold. Use a writer thread that dumps the queue into the log sink every, say, 100 ms; however, the logging engine must be deterministically started and stopped so it can flush the sinks on application stop.

Aspect Oriented Programming addresses your cross-cutting concern - audit/log calls shall be invoked in desired operation prologues/epilogues - look at the PostSharp project.

itadapter DKh
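
How queued events get processed without anyone calling a method, as an added example that is not from the answer or from any library (`AuditQueue` and its members are hypothetical names): a dedicated writer thread drains the queue, and `Dispose()` stops it deterministically so the sink is flushed on shutdown. It blocks on the queue rather than polling every 100 ms, and uses only .NET 4.0 APIs.

```csharp
using System;
using System.Collections.Concurrent;
using System.IO;
using System.Threading;
// Added example; AuditQueue and its members are hypothetical names.
public sealed class AuditQueue : IDisposable
{
    // Bounded, so a stalled sink cannot exhaust memory.
    private readonly BlockingCollection<string> _events = new BlockingCollection<string>(10000);
    private readonly TextWriter _sink;
    private readonly Thread _writer;

    public AuditQueue(TextWriter sink)
    {
        _sink = sink;
        _writer = new Thread(Drain) { Name = "audit-writer" };
        _writer.Start();
    }

    // Called on request threads and never blocks. False means the event was NOT recorded.
    public bool Enqueue(string user, string action)
    {
        string line = string.Format("{0:o}\t{1}\t{2}", DateTime.UtcNow, user, action);
        try { return _events.TryAdd(line); }
        catch (InvalidOperationException) { return false; } // queue already shut down
    }

    // Blocks while the queue is empty; ends after CompleteAdding() once it is drained.
    private void Drain()
    {
        foreach (string line in _events.GetConsumingEnumerable())
        {
            _sink.WriteLine(line);
            if (_events.Count == 0) _sink.Flush(); // caught up: push to the sink
        }
    }

    public void Dispose()
    {
        _events.CompleteAdding(); // refuse new events
        _writer.Join();           // wait until everything queued is written and flushed
        _events.Dispose();
    }

    public static void Main() // demo with a constructed event, Console.Out as the sink
    {
        using (var audit = new AuditQueue(Console.Out)) { audit.Enqueue("alice", "login"); }
    }
}
```

In a web application, create one instance at application start and dispose it at application stop. Events still in the queue are lost if the process is killed, so treat a `false` from `Enqueue` as an audit failure.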
2

(Little late on the answer, this post shows up high in google, so I thought it may be worth looking at some of the options)

If you are looking to actually audit. (By this I mean to record that an action took place, who did it and when, and for that auditable log to be able to be used as evidence to an external auditor)

(Debug Logging vs Auditing logging)

If so, you can consider some options, such as:

  1. use an Audit logging library
  2. adopt an EventStore database
  3. use a logging library that fails loudly

1. using an audit library

  • Audit.NET has already been mentioned here and has an impressive number of downloads and is very feature-rich
  • auditable - an alternative to the above (disclaimer, it's written by me)

both are pretty cool, as they allow you to bring your own datastore

2. Eventsourcing

The design here (which can impact your architecture to embrace Events) is that Events are immutable, and if you store them then you have an auditable store of things that happened in your system

note this does not look to solve the question above, but it does solve how to audit, so I have mentioned it

3. Logging library

You have to confirm that the logging library will throw an exception if it fails to add an audit log.

If it does not do that, then you will be missing auditable logs, and then you cannot build trust with your auditors.

Side note 1 - with options 1 and 3, you may need to ensure that the log is written in the same transaction as your primary data store, to ensure that all of the information is ACID. (This is similar to the issue people have with publishing an event which is outside of the database transaction.)

Side note 2 - audit logs should be able to identify who did what, so you may/should need to encrypt the datastore they eventually end up in.

dbones
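
Side note 1 combined with option 3, as an added example that is not from the answer: the data change and its audit row share one transaction, and any failure propagates to the caller instead of being swallowed. The tables `Customers` and `AuditLog`, their columns and the method names are assumptions, and `conn` must already be open.

```csharp
using System;
using System.Data;

// Added example; table, column and method names are hypothetical.
public static class AuditedWrite
{
    // Throws on any failure, so the caller never continues after an unaudited change.
    public static void RenameCustomer(IDbConnection conn, int id, string newName, string user)
    {
        // Leaving this block without Commit() disposes the transaction, which rolls it
        // back (SqlTransaction behaves this way; check other providers).
        using (IDbTransaction tx = conn.BeginTransaction())
        {
            int rows = Exec(conn, tx, "UPDATE Customers SET Name = @name WHERE Id = @id",
                            "@name", newName, "@id", id);
            if (rows != 1)
                throw new InvalidOperationException("Customer " + id + " was not updated.");

            Exec(conn, tx,
                 "INSERT INTO AuditLog (OccurredAt, UserName, EventType, EntityId) " +
                 "VALUES (@at, @user, @type, @id)",
                 "@at", DateTime.UtcNow, "@user", user, "@type", "Customer.Rename", "@id", id);

            tx.Commit(); // the change and its audit row become visible together
        }
    }

    // Runs one parameterised statement inside tx; args are name/value pairs.
    private static int Exec(IDbConnection conn, IDbTransaction tx, string sql, params object[] args)
    {
        using (IDbCommand cmd = conn.CreateCommand())
        {
            cmd.Transaction = tx;
            cmd.CommandText = sql;
            for (int i = 0; i < args.Length; i += 2)
            {
                IDbDataParameter p = cmd.CreateParameter();
                p.ParameterName = (string)args[i];
                p.Value = args[i + 1] ?? DBNull.Value;
                cmd.Parameters.Add(p);
            }
            return cmd.ExecuteNonQuery();
        }
    }
}
```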