Audit Logging
Learn how to implement comprehensive audit logging to track user actions, system events, and maintain security compliance in your applications.
Prerequisites
- Understanding of database operations
- Familiarity with middleware patterns
- Basic security knowledge
- Experience with async operations
Audit Logging Overview

Visual representation of the audit logging process and data flow.
1. Configure Audit Logger
Set up audit logging infrastructure:
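// Initialize audit logger
// `db` is assumed to be the application's database client, initialized elsewhere.
const auditLogger = {
  async log(event) {
    const entry = {
      timestamp: new Date(),
      event_type: event.type,
      user_id: event.userId,
      resource: event.resource,
      action: event.action,
      details: event.details,
      ip_address: event.ip,
      user_agent: event.userAgent
    };
    await db.audit_logs.create(entry);
  }
};

// Middleware to capture audit events
const auditMiddleware = (req, res, next) => {
  const originalSend = res.send;
  res.send = function (body) {
    // Restore the original so a nested send() (e.g. Express's send -> json -> send)
    // is logged once.
    res.send = originalSend;
    // Fire-and-forget so the response is not delayed; catch failures so a
    // rejected write does not become an unhandled promise rejection.
    auditLogger.log({
      type: 'api_request',
      userId: req.user?.id,
      resource: req.originalUrl,
      action: req.method,
      details: { status: res.statusCode },
      ip: req.ip,
      userAgent: req.headers['user-agent']
    }).catch((err) => console.error('audit log write failed', err));
    return originalSend.call(this, body);
  };
  next();
};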
2. Define Audit Events
Create audit event types and handlers:
// Audit event types
const AuditEventType = {
  USER_LOGIN: 'user.login',
  USER_LOGOUT: 'user.logout',
  RESOURCE_CREATE: 'resource.create',
  RESOURCE_UPDATE: 'resource.update',
  RESOURCE_DELETE: 'resource.delete',
  PERMISSION_CHANGE: 'permission.change',
  SETTINGS_UPDATE: 'settings.update'
};

// Event handler example
async function handleUserLogin(userId, success, details) {
  await auditLogger.log({
    type: AuditEventType.USER_LOGIN,
    userId,
    action: 'login',
    details: {
      success,
      ...details
    }
  });
}
3. Implement Storage
Set up audit log storage and retention:
-- Database schema
-- gen_random_uuid() is built in from PostgreSQL 13; earlier versions need the pgcrypto extension.
CREATE TABLE audit_logs (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  timestamp TIMESTAMPTZ NOT NULL DEFAULT NOW(),
  event_type VARCHAR(50) NOT NULL,
  user_id UUID REFERENCES users(id),
  resource VARCHAR(255),
  action VARCHAR(50) NOT NULL,
  details JSONB,
  ip_address INET,
  user_agent TEXT,
  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

-- Create indexes
CREATE INDEX idx_audit_timestamp ON audit_logs(timestamp);
CREATE INDEX idx_audit_user ON audit_logs(user_id);
CREATE INDEX idx_audit_type ON audit_logs(event_type);

-- Implement retention policy
-- Defining the function does not run it; call it from a scheduled job.
CREATE OR REPLACE FUNCTION cleanup_audit_logs()
RETURNS void AS $$
BEGIN
  DELETE FROM audit_logs
  WHERE timestamp < NOW() - INTERVAL '1 year';
END;
$$ LANGUAGE plpgsql;
4. Query and Analysis
Implement audit log querying and analysis:
// Query audit logs
async function queryAuditLogs(filters) {
  const query = db.audit_logs
    .select('*')
    .orderBy('timestamp', 'desc');
  if (filters.userId) {
    query.where('user_id', filters.userId);
  }
  if (filters.eventType) {
    query.where('event_type', filters.eventType);
  }
  if (filters.dateRange) {
    query.whereBetween('timestamp', [
      filters.dateRange.start,
      filters.dateRange.end
    ]);
  }
  return await query;
}

// Analyze patterns
async function analyzeActivityPatterns() {
  const patterns = await db.audit_logs
    .select('event_type')
    .count('* as count')
    .groupBy('event_type')
    .orderBy('count', 'desc');
  return patterns;
}
Best Practices
Data Collection
Best practices for audit logging:
- Collect essential data only
- Standardize log formats
- Include context details
- Maintain data integrity
Security
Secure your audit logs:
- Encrypt sensitive data
- Implement access controls
- Prevent log tampering
- Regular backups
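One way to make stored entries tamper-evident, as an added example that is not part of the original page: each entry carries an HMAC over the previous entry's hash and its own fields, so an edited or deleted row breaks the chain. The `prev_hash` and `hash` fields, the function names, the key handling and the sample entries are assumptions made for this example.

```javascript
// Added example (not the page's code): HMAC chain over audit entries, Node.js.
const crypto = require('node:crypto');
const GENESIS = '0'.repeat(64); // prev_hash used for the first entry

// Canonical JSON: keys sorted recursively (JSONB does not preserve key order)
// and null fields skipped, so an absent value and a stored NULL hash the same.
function canonical(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  return '{' + Object.keys(v).filter((k) => v[k] != null).sort()
    .map((k) => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
}

// HMAC over (previous hash || canonical entry). Assumption: the key lives
// outside the database, so database write access alone cannot re-seal rows.
function seal(fields, prevHash, key) {
  const body = canonical(JSON.parse(JSON.stringify(fields))); // Dates -> ISO strings
  const hash = crypto.createHmac('sha256', key).update(prevHash).update(body).digest('hex');
  return { ...fields, prev_hash: prevHash, hash };
}

function appendEntry(chain, fields, key) {
  const prev = chain.length ? chain[chain.length - 1].hash : GENESIS;
  chain.push(seal(fields, prev, key));
  return chain;
}

// Returns { ok, brokenAt }: index of the first entry that fails, or -1.
function verifyChain(chain, key) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const { prev_hash, hash, ...fields } = chain[i];
    const want = Buffer.from(seal(fields, prev, key).hash, 'hex');
    const got = Buffer.from(String(hash), 'hex');
    const match = got.length === want.length && crypto.timingSafeEqual(got, want);
    if (prev_hash !== prev || !match) return { ok: false, brokenAt: i };
    prev = hash;
  }
  return { ok: true, brokenAt: -1 };
}

// Constructed sample entries using the page's field names.
function buildSampleChain(key) {
  const t = (m) => `2024-01-01T10:0${m}:00.000Z`;
  return [
    { timestamp: t(0), event_type: 'user.login', user_id: 'u1', action: 'login', details: { success: true } },
    { timestamp: t(1), event_type: 'permission.change', user_id: 'u1', action: 'update', details: { role: 'admin', target: 'u2' } },
    { timestamp: t(2), event_type: 'user.logout', user_id: 'u1', action: 'logout', details: {} },
  ].reduce((chain, e) => appendEntry(chain, e, key), []);
}
```

Verification must run over the same fields that were sealed, so database-generated columns such as `id` and `created_at` are left out of the hash. Removal of the newest rows is only detectable if the latest `hash` is also recorded somewhere outside the database.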
Performance
Optimize logging performance:
- Asynchronous logging
- Efficient storage
- Index optimization
- Log rotation
Common Issues
Performance Impact
Common performance issues:
- High disk usage
- Slow queries
- Memory pressure
- Network bottlenecks
Data Management
Data-related challenges:
- Log volume growth
- Retention policies
- Data consistency
- Storage optimization