Audit

Send HTTP Requests to an Audit Log

GSLHTTPAvailable since: v1

The Observables Filter configures the Proxy to emit a JSON payload with every request made to the microservice. This JSON Payload contains a variety of different information about the request being made, as well as the user/system issuing the request. These Observables can then be aggregated to perform analysis like: audits, user-experience tracking, etc.

Observable publishing defaults to stdout but can also be published to a Kafka topic or location on disk.

Configuration

The base GSL type is AuditFilter

emitFullResponse

Boolean

Show response body in the observable object.

topic

String

Sets the eventType field of the observable; used to sort and group messages by service/region/environment/etc in later analysis.

useKafka

Boolean

Publish observable message to a Kafka topic

enforceAudit

Boolean

Block requests until an observable has been successfully published to Kafka. Only applies if `useKafka` is `true`.

encryptionAlgorithm

String

Type of encryption. Must be 'aes' or blank.

encryptionKey

String

Must be blank or base 64 encoded string of 16, 24, or 32 bytes. 32 bytes is recommended.

encryptionKeyID

uint32

User supplied number to identify the key used in encryption.

eventTopic

String

The Kafka topic that will hold the published observable messages.

kafkaZKDiscover

Boolean

If true, Kafka will be discovered through a zookeeper node. Default is false.

kafkaServerConnection

String

Comma delimited list of Kafka broker addresses, or if `kafkaZKDiscover` is `true`, a list of ZooKeeper addresses.

useKafkaTLS

Boolean

Enable TLS communication to the supplied kafka brokers.

kafkaCAs

String

List of file URLs that point to trusts to be used when connecting to kafka.

kafkaCertificate

String

File URL pointing to certificate to use when connecting to kafka over TLS

kafkaCertificateKey

String

File URL pointing to certificate key to use when connecting to kafka

kafkaServerName

String

Certificate server name to use when connecting to kafka.

Example

Payload encryption can be enabled in the filter config. Each encryption key should be assigned a unique ID.

gsl.#AuditFilter & {
  #options: {
    emitFullResponse: true
    useKafka: false
    enforceAudit: false
    logLevel: "debug"
    encryptionAlgorithm: "aes"
    encryptionKey: "kvTujluRwliCWBWQvvvIxQr2Fxw3tY4cNCfkdlEobtQ="
    encryptionKeyID: 1
  }
}

Payloads

Turning on full response payloads (emitFullResponse: true) can cause significant amounts of data to be written to the payload. The observables filter will attempt to write the entire response, even if it’s a gigabyte payload, so take care.