Document Directory
The content of this section:
- Brief introduction
- Configuration
- Enable/disable via attributes
- Attention
Brief introduction
Wikipedia: "An audit trail (also known as an audit log) is a written document of a security-related timing record, record group, and/or record source and target, as a sequence of activities that affect any particular operation at any time."
The ABP provides an underlying framework to automatically record all interactions with the application, which can record intentional method calls and caller information and parameters.
Basically, the saved fields are: The associated tenant ID, the caller ID, the invoked service name (the class name of the called method), the method name being called, the execution parameters (serialized into JSON), the execution time, the length of execution (milliseconds), the client IP, the client computer name, and the exception (if the method throws an exception).
With this information, we can not only know who did the operation, but also measure the performance and observed anomalies of the application, or even more, such as you can count the frequency of your app's use.
The audit system uses Iabpseesion to obtain the current UserID and Tenantid.
Application services, MVC controllers, Web APIs, and ASP. NET core methods are automatically audited by default.
about Iauditingstore
The audit system uses Iauditingstore to hold audit information, although you can implement it in your own way, but it is fully implemented in the Module-zero project. If you do not implement it, Simplelogauditingstore will be used, which writes audit information to the log.
Configuration
To configure auditing, you can use the Configuration.auditing property in the Preinitialize method of your module. Auditing is available by default and you can disable it in the following ways:
Public class mymodule:abpmodule{ publicoverridevoid preinitialize () { false; } // ...}
Here is a list of audit configurations:
- IsEnabled: Enable/Disable the entire audit system, default: TRUE.
- Isenabledforanonymoususers: If set to true, the audit log is also saved if the user is not logged on to the system. The default is: false.
- Selectors: Select a different class to save the audit log
Selectors is a list of predicates, with other types to hold the audit log, a selector has a unique name and a predicate, and the only default selector in this list is to select the Application service class, which is defined as follows:
Configuration.Auditing.Selectors.Add ( new namedtypeselector ( " Abp.applicationservices", typeof (Iapplicationservice). IsAssignableFrom (type)) );
You can add your own selector in the Preinitialize method of your module, as well, if you don't want to save the audit log for app service, you can remove the selector by name, which is why you need a unique name (if you want to, You can use simple LINQ to find a selector in the selector and remove it).
Note: In addition to the standard audit configuration, MVC and the ASP. NET Core module defines the configuration of enable/disable audit logs for action.
Enable/disable via attributes
Although you can select an audit class by configuration, you can use the audited and disableauditing attributes for a separate class, method, for example:
[Audited] Public classmyclass{ Public voidMYMETHOD1 (inta) {//...} [disableauditing] Public voidMYMETHOD2 (stringb) {//... } Public voidMYMETHOD3 (intAintb) {//... }}
In addition to the other methods of the Mymethod2,myclass class are audited, because MYMETHOD2 explicitly disables auditing, the audited feature can be used on a single method, only to audit the methods of interest.
Disableauditing can be used on a single attribute of a DTO, so you may hide sensitive data, such as passwords, in the audit log.
Attention
- To record the audit log, the method must be public,private and protected methods are ignored.
- If a method is called through a class reference, this method must be virtual, if the class is injected through its interface, then this is not necessary (such as by injecting the Ipersonservice interface to use the Personservice Class), the ABP uses dynamic proxies and interceptors, So it's necessary. This does not apply to the MVC controller action because they may not be virtual.
<<ABP Documentation >> Audit logs