static void log_json(struct imessaging_context *msg_ctx,
struct loadparm_context *lp_ctx,
struct json_object *object,
- const char *type,
int debug_class,
int debug_level)
{
- audit_log_json(type, object, debug_class, debug_level);
+ audit_log_json(object, debug_class, debug_level);
if (msg_ctx && lp_ctx && lpcfg_auth_event_notification(lp_ctx)) {
audit_message_send(msg_ctx,
AUTH_EVENT_NAME,
* To process the resulting log lines from the commend line use jq to
* parse the json.
*
- * grep "JSON Authentication" log file |
- * sed 's;^[^{]*;;' |
- * jq -rc '"\(.timestamp)\t\(.Authentication.status)\t
+ * grep "^ {" log file |
+ * jq -rc '"\(.timestamp)\t\(.Authentication.status)\t
* \(.Authentication.clientDomain)\t
* \(.Authentication.clientAccount)
* \t\(.Authentication.workstation)
log_json(msg_ctx,
lp_ctx,
&wrapper,
- AUTH_JSON_TYPE,
DBGC_AUTH_AUDIT,
debug_level);
json_free(&wrapper);
* To process the resulting log lines from the commend line use jq to
* parse the json.
*
- * grep "JSON Authentication" log_file |\
- * sed "s;^[^{]*;;" |\
+ * grep "^ {" log_file |\
* jq -rc '"\(.timestamp)\t
* \(.Authorization.domain)\t
* \(.Authorization.account)\t
log_json(msg_ctx,
lp_ctx,
&wrapper,
- AUTHZ_JSON_TYPE,
DBGC_AUTH_AUDIT,
debug_level);
json_free(&wrapper);
*
* Write the json object to the audit logs as a formatted string
*
- * @param prefix Text to be printed at the start of the log line
* @param message The content of the log line.
* @param debub_class The debug class to log the message with.
* @param debug_level The debug level to log the message with.
*/
-void audit_log_json(const char* prefix,
- struct json_object* message,
+void audit_log_json(struct json_object* message,
int debug_class,
int debug_level)
{
ctx = talloc_new(NULL);
s = json_to_string(ctx, message);
if (s == NULL) {
- DBG_ERR("json_to_string for (%s) returned NULL, "
- "JSON audit message could not written\n",
- prefix);
+ DBG_ERR("json_to_string returned NULL, "
+ "JSON audit message could not written\n");
TALLOC_FREE(ctx);
return;
}
- DEBUGC(debug_class, debug_level, ("JSON %s: %s\n", prefix, s));
+ /*
+ * This is very strange, but we call this routine to get a log
+ * output without the header. JSON logs all have timestamps
+ * so this only makes parsing harder.
+ *
+ * We push out the raw JSON blob without a prefix, consumers
+ * can find such lines by the leading {
+ */
+ DEBUGADDC(debug_class, debug_level, ("%s\n", s));
TALLOC_FREE(ctx);
}
#define JSON_ERROR -1
-void audit_log_json(const char *prefix,
- struct json_object *message,
+void audit_log_json(struct json_object *message,
int debug_class,
int debug_level);
void audit_message_send(struct imessaging_context *msg_ctx,
struct json_object json;
json = operation_json(module, request, reply);
audit_log_json(
- OPERATION_JSON_TYPE,
&json,
DBGC_DSDB_AUDIT_JSON,
OPERATION_LOG_LVL);
struct json_object json;
json = password_change_json(module, request, reply);
audit_log_json(
- PASSWORD_JSON_TYPE,
&json,
DBGC_DSDB_PWD_AUDIT_JSON,
PASSWORD_LOG_LVL);
struct json_object json;
json = replicated_update_json(module, request, reply);
audit_log_json(
- REPLICATION_JSON_TYPE,
&json,
DBGC_DSDB_AUDIT_JSON,
REPLICATION_LOG_LVL);
&audit_private->transaction_guid,
duration);
audit_log_json(
- TRANSACTION_JSON_TYPE,
&json,
DBGC_DSDB_TXN_AUDIT_JSON,
log_level);
reason,
&audit_private->transaction_guid);
audit_log_json(
- TRANSACTION_JSON_TYPE,
&json,
DBGC_DSDB_TXN_AUDIT_JSON,
log_level);
group,
status);
audit_log_json(
- AUDIT_JSON_TYPE,
&json,
DBGC_DSDB_GROUP_AUDIT_JSON,
GROUP_LOG_LVL);
group,
status);
audit_log_json(
- AUDIT_JSON_TYPE,
&json,
DBGC_DSDB_GROUP_AUDIT_JSON,
GROUP_LOG_LVL);