15.2.3. Audit log¶

15.2.3.1. Base class¶

class privacyidea.lib.auditmodules.base.Audit(config=None, startdate=None)[source]¶

add_policy(policyname)[source]¶: This method adds a triggered policyname to the list of triggered policies. :param policyname: A string or a list of strings as policynames :return:

add_to_log(param, add_with_comma=False)[source]¶: Add to existing log entry :param param: :param add_with_comma: If set to true, new values will be appended comma separated :return:

audit_entry_to_dict(audit_entry)[source]¶: If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.

property available_audit_columns¶

csv_generator(param=None, user=None, timelimit=None)[source]¶

A generator that can be used to stream the audit log

Parameters: param –
Returns

finalize_log()[source]¶: This method is called to finalize the audit_data. I.e. sign the data and write it to the database. It should hash the data and do a hash chain and sign the data

get_audit_id()[source]¶

get_count(search_dict, timedelta=None, success=None)[source]¶

Returns the number of found log entries. E.g. used for checking the timelimit.

Parameters: param – List of filter parameters
Returns: number of found entries

get_total(param, AND=True, display_error=True, timelimit=None)[source]¶: This method returns the total number of audit entries in the audit store

property has_data¶

initialize_log(param)[source]¶: This method initialized the log state. The fact, that the log state was initialized, also needs to be logged. Therefor the same params are passed as i the log method.

is_readable = False¶

log(param)[source]¶

This method is used to log the data. During a request this method can be called several times to fill the internal audit_data dictionary.

Add new log details in param to the internal log data self.audit_data.

Parameters: param (dict) – Log data that is to be added
Returns: None

log_token_num(get_tokens(count=True))[source]¶

Parameters: count (int) – Number of tokens
Returns

read_keys(pub, priv)[source]¶

Set the private and public key for the audit class. This is achieved by passing the entries.

#priv = config.get(“privacyideaAudit.key.private”) #pub = config.get(“privacyideaAudit.key.public”)

Parameters

pub (string with filename) – Public key, used for verifying the signature
priv (string with filename) – Private key, used to sign the audit entry

Returns

None

search(search_dict, page_size=15, page=1, sortorder='asc', timelimit=None)[source]¶

This function is used to search audit events.

param: Search parameters can be passed.

return: A pagination object

This function is deprecated.

search_query(search_dict, page_size=15, page=1, sortorder='asc', sortname='number', timelimit=None)[source]¶: This function returns the audit log as an iterator on the result

15.2.3.2. SQL Audit module¶

class privacyidea.lib.auditmodules.sqlaudit.Audit(config=None, startdate=None)[source]¶

This is the SQLAudit module, which writes the audit entries to an SQL database table. It requires the configuration parameters in pi.cfg: * PI_AUDIT_KEY_PUBLIC * PI_AUDIT_KEY_PRIVATE

If you want to host the SQL Audit database in another DB than the token DB, you can use: * PI_AUDIT_SQL_URI

It also takes the optional parameters: * PI_AUDIT_POOL_SIZE * PI_AUDIT_POOL_RECYCLE * PI_AUDIT_SQL_TRUNCATE * PI_AUDIT_NO_SIGN

You can use PI_AUDIT_NO_SIGN = True to avoid signing of the audit log.

If PI_CHECK_OLD_SIGNATURES = True old style signatures (text-book RSA) will be checked as well, otherwise they will be marked as ‘FAIL’.

audit_entry_to_dict(audit_entry)[source]¶: If the search_query returns an iterator with elements that are not a dictionary, the audit module needs to provide this function, to convert the audit entry to a dictionary.

clear()[source]¶: Deletes all entries in the database table. This is only used for test cases! :return:

csv_generator(param=None, user=None, timelimit=None)[source]¶: Returns the audit log as csv file. :param timelimit: Limit the number of dumped entries by time :type timelimit: datetime.timedelta :param param: The request parameters :type param: dict :param user: The user, who issued the request :return: None. It yields results as a generator

finalize_log()[source]¶: This method is used to log the data. It should hash the data and do a hash chain and sign the data

get_count(search_dict, timedelta=None, success=None)[source]¶

Returns the number of found log entries. E.g. used for checking the timelimit.

Parameters: param – List of filter parameters
Returns: number of found entries

get_total(param, AND=True, display_error=True, timelimit=None)[source]¶: This method returns the total number of audit entries in the audit store

search(search_dict, page_size=15, page=1, sortorder='asc', timelimit=None)[source]¶

This function returns the audit log as a Pagination object.

Parameters: timelimit (timedelta) – Only audit entries newer than this timedelta will be searched

search_query(search_dict, page_size=15, page=1, sortorder='asc', sortname='number', timelimit=None)[source]¶

This function returns the audit log as an iterator on the result

Parameters: timelimit (timedelta) – Only audit entries newer than this timedelta will be searched

15.2.3. Audit log¶

15.2.3.1. Base class¶

15.2.3.2. SQL Audit module¶

Contents

Navigation