& Lt; ABP document & gt; audit log, abp document Audit Log

<ABP document> Audit Log, and audit log

Document directory

 

Content of this section:

• Introduction
  • IAuditingStore
• Configuration
• Enable/disable features
• Note:

 

Introduction

Wikipedia: "an audit trail (also called an audit log) is a security-related time series record, record group, and/or record source and target, as a written document of a series of activities that affect a special operation at any time ".

A basic framework is provided to automatically record all interactions with applications. It can record intentional method calls and Caller information and parameters.

Basically, the saved fields include: related tenant id, caller id, called service name (called method class name), called method name, execution parameters (serialized as Json), execution time, execution duration (milliseconds), Client IP address, client computer name, and exception (if the method throws an exception ).

With this information, we can not only know who has done the operation, but also measure the performance of the application and observe exceptions, or even more. For example, you can count the usage frequency of your application.

The audit system uses IAbpSeesion to obtain the current UserId and TenantId.

The Application Service, Mvc controller, Web Api, and Asp.net Core methods are automatically audited by default.

 IAuditingStore
The audit system uses IAuditingStore to save audit information. Although you can implement it in your own way, it has been fully implemented in the module-zero project. If you do not implement it, SimpleLogAuditingStore will be used to write audit information into logs.

 

Configuration

To configure audit, you can use the Configuration. Auditing attribute in the PreInitialize method of your module. Audit is available by default. You can disable it as follows:

public class MyModule : AbpModule{    public override void PreInitialize()    {        Configuration.Auditing.IsEnabled = false;    }    //...}

 

Here is a list of audit configurations:

• IsEnabled: enables/disables the entire audit system. Default Value: true.
• IsEnabledForAnonymousUsers: if it is set to true, audit logs will be saved if the user does not log on to the system. The default value is false.
• Selectors: select other classes to save audit logs

Selectors is a predicate list that stores audit logs for other types. A selector has a unique name and a predicate. In this list, the unique default selector is used to select the application service class, its definition is as follows:

Configuration.Auditing.Selectors.Add(    new NamedTypeSelector(        "Abp.ApplicationServices",        type => typeof (IApplicationService).IsAssignableFrom(type)    ));

 

You can add your selector in the PreInitialize method of your module. Similarly, if you do not want to save audit logs for the application service, you can remove the selector by name, this is why a unique name is needed (if you want to, you can use simple Linq to find a Selector and remove it ).

Note: In addition to the standard audit configuration, the Mvc and Asp.net Core modules define the configuration for enabling/disabling audit logs for Action.

 

Enable/disable features

Although you can select audit classes through configuration, you can use Audited and DisableAuditing features for a separate class and method, for example:

[Audited]public class MyClass{    public void MyMethod1(int a)    {        //...    }    [DisableAuditing]    public void MyMethod2(string b)    {        //...    }    public void MyMethod3(int a, int b)    {        //...    }}

 

All methods except MyMethod2 and MyClass classes are Audited. Because MyMethod2 explicitly disables audit, the Audited feature can be used in one method and only audits the methods of interest.

DisableAuditing can be used on a single property of a DTO. Therefore, you can hide sensitive data, such as passwords, in audit logs.

 

Note:

• To record audit logs, the methods must be public, private, and protected will be ignored.
• If a method is called through class reference, the method must be virtual. If the class is injected through its interface, this is not necessary (for example, to use the PersonService class by injecting IPersonService interfaces), and it is necessary to use dynamic proxies and interceptors for the ABP. This is not applicable to the Action of the Mvc controller, because they may not be virtual.