16.2.3. Audit log

16.2.3.1. Base class

class privacyidea.lib.auditmodules.base.Audit(config=None, startdate=None)

Create a new audit object.

Parameters

• config (dict) – The web config is passed to the audit module, so that the special module implementation can get its configuration.

• startdate (datetime) – The datetime of the beginning of the request

Returns

Audit object

add_policy(policyname)

This method adds a triggered policyname to the list of triggered policies.

Parameters

policyname – A string or a list of strings as policynames

Returns

add_to_log(param, add_with_comma=False)

Add to existing log entry.

Parameters

• param –

• add_with_comma – If set to true, new values will be appended comma separated

Returns

audit_entry_to_dict(audit_entry)

If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.

property available_audit_columns

csv_generator(param=None, user=None, timelimit=None)

A generator that can be used to stream the audit log

Parameters

param –

Returns

finalize_log()

This method is called to finalize the audit_data. I.e. sign the data and write it to the database. It should hash the data and do a hash chain and sign the data

get_audit_id()

get_count(search_dict, timedelta=None, success=None)

Returns the number of found log entries. E.g. used for checking the timelimit.

Parameters

param – List of filter parameters

Returns

number of found entries

get_total(param, AND=True, display_error=True, timelimit=None)

This method returns the total number of audit entries in the audit store

property has_data

initialize_log(param)

This method initialized the log state. The fact, that the log state was initialized, also needs to be logged. Therefor the same parameters are passed as in the log method.

is_readable = False

log(param)

This method is used to log the data. During a request this method can be called several times to fill the internal audit_data dictionary.

Add new log details in param to the internal log data self.audit_data.

Parameters

param (dict) – Log data that is to be added

Returns

None

log_token_num(count)

Log the number of the tokens. Can be passed like log_token_num(get_tokens(count=True))

Parameters

count (int) – Number of tokens

Returns

read_keys(pub, priv)

Set the private and public key for the audit class. This is achieved by passing the values:

priv = config.get("privacyideaAudit.key.private")
pub = config.get("privacyideaAudit.key.public")

Parameters

• pub (string with filename) – Public key, used for verifying the signature

• priv (string with filename) – Private key, used to sign the audit entry

Returns

None

search(search_dict, page_size=15, page=1, sortorder='asc', timelimit=None)

This function is used to search audit events.

Param

Search parameters can be passed.

Returns

A pagination object

search_query(search_dict, page_size=15, page=1, sortorder='asc', sortname='number', timelimit=None)

This function returns the audit log as an iterator on the result

16.2.3.2. SQL Audit module

class privacyidea.lib.auditmodules.sqlaudit.Audit(config=None, startdate=None)

This is the SQLAudit module, which writes the audit entries to an SQL database table.

It requires the following configuration parameters in The Config File:

• PI_AUDIT_KEY_PUBLIC

• PI_AUDIT_KEY_PRIVATE

If you want to host the SQL Audit database in another DB than the token DB, you can use:

• PI_AUDIT_SQL_URI and

• PI_AUDIT_SQL_OPTIONS

With PI_AUDIT_SQL_OPTIONS = {} You can pass options to the DB engine creation. If PI_AUDIT_SQL_OPTIONS is not set, SQLALCHEMY_ENGINE_OPTIONS will be used.

This module also takes the following optional parameters:

• PI_AUDIT_POOL_SIZE

• PI_AUDIT_POOL_RECYCLE

• PI_AUDIT_SQL_TRUNCATE

• PI_AUDIT_NO_SIGN

• PI_CHECK_OLD_SIGNATURES

You can use PI_AUDIT_NO_SIGN = True to avoid signing of the audit log.

If PI_CHECK_OLD_SIGNATURES = True old style signatures (text-book RSA) will be checked as well, otherwise they will be marked as FAIL.

Create a new audit object.

Parameters

• config (dict) – The web config is passed to the audit module, so that the special module implementation can get its configuration.

• startdate (datetime) – The datetime of the beginning of the request

Returns

Audit object

audit_entry_to_dict(audit_entry)

If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.

clear()

Deletes all entries in the database table. This is only used for test cases! :return:

csv_generator(param=None, user=None, timelimit=None)

Returns the audit log as csv file.

Parameters

• timelimit (datetime.timedelta) – Limit the number of dumped entries by time

• param (dict) – The request parameters

• user – The user, who issued the request

Returns

None. It yields results as a generator

finalize_log()

This method is used to log the data. It should hash the data and do a hash chain and sign the data

get_count(search_dict, timedelta=None, success=None)

Returns the number of found log entries. E.g. used for checking the timelimit.

Parameters

param – List of filter parameters

Returns

number of found entries

get_total(param, AND=True, display_error=True, timelimit=None)

This method returns the total number of audit entries in the audit store

search(search_dict, page_size=15, page=1, sortorder='asc', timelimit=None)

This function returns the audit log as a Pagination object.

Parameters

timelimit (timedelta) – Only audit entries newer than this timedelta will be searched

search_query(search_dict, page_size=15, page=1, sortorder='asc', sortname='number', timelimit=None)

This function returns the audit log as an iterator on the result

Parameters

timelimit (timedelta) – Only audit entries newer than this timedelta will be searched