A small and flexible library to help you create audit events.
It also includes a helper container image that you can use to forward audit events.
While audit logging may seem like a very simple thing to add to an application, doing it right is full of caveats. This project aims to provide a simple, general, intuitive and standardized representation for an audit event, as well as the tools to put it to use. This will help us have uniform logs and meet regulatory compliance requirements.
Correct generation of audit events helps us determine what's happening in our systems and do forensic analysis on security incidents, and the events can serve as evidence in court in case of a breach. That is why it's important for us to generate correct and accurate audit events.
The NIST SP 800-53 audit-related controls were used as a guide to create this project and gather requirements for it.
The project provides the following:
A library to generate and write audit events.
A Helm library to use the audittail container.
Middleware for the Gin HTTP framework which allows us to write audit events.
The reference auditevent writer and the aforementioned Gin middleware both have Prometheus metric support baked in.
A simple utility to read audit logs and reliably output them, e.g. in a sidecar container.