Where audit logger methods are called

houshmand1996 · August 2, 2020, 5:44pm

where clientWrapper in kibana calls methods like this

public async update<T extends SavedObjectAttributes>(
   type: string,
   id: string,
   attributes: Partial<T>,
   options: SavedObjectsUpdateOptions = {}
 ) {
   await this.ensureAuthorized(type, 'update', options.namespace, {
     type,
     id,
     attributes,
     options,
   });

   return await this.baseClient.update(type, id, attributes, options);
 }

in this path : (x-pack / plugins / security / server / savedobject / SecureSavedObjectsClientWrapper )

in other words how and where user activities are logged in kibana ?

mikecote · August 19, 2020, 1:32pm

Hi @houshmand1996,

You can learn more about the Kibana audit logs here: https://www.elastic.co/guide/en/kibana/current/xpack-security-audit-logging.html. They are disabled by default and include steps to enable it.

houshmand1996 · August 20, 2020, 11:39am

hi thanks for your response
but i'm not looking for enabling audit logging what's i'm actually looking for is how this audit logging in security plugins works and how it logged every action that user made . i went through of codes each and every lines but i could not finds out about that .
if you knowing anything please let me now .

mikecote · August 20, 2020, 12:46pm

This happens within the same file as the code snippet above but within the ensureAuthorized function. You can look for this.auditLogger.savedObjectsAuthorizationSuccess and this.auditLogger.savedObjectsAuthorizationFailure calls.

system · September 17, 2020, 12:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.