audit_logging: Remove debug log header and JSON Authentication: prefix
authorAndrew Bartlett <abartlet@samba.org>
Thu, 13 Dec 2018 00:53:08 +0000 (13:53 +1300)
committerKarolin Seeger <kseeger@samba.org>
Fri, 1 Feb 2019 10:34:09 +0000 (11:34 +0100)
Feedback from real-world users is that they really want raw JSON
strings in the log.

We cannot easily remove the leading "  ", but the debug header above the
JSON and the prefix before it are really annoying to strip back off.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13714

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry-picked from edab1318f9138c0d87de7cc7cfa5da8e29c906f8 and modified
for v4-9 by Gary Lockyer)

auth/auth_log.c
lib/audit_logging/audit_logging.c
lib/audit_logging/audit_logging.h
source4/dsdb/samdb/ldb_modules/audit_log.c
source4/dsdb/samdb/ldb_modules/group_audit.c
source4/dsdb/samdb/ldb_modules/tests/test_group_audit.c

index 3e81730ef1402ba921aecb7b2fefd3fb5f36c1be..1df112d9a8b4549425f0a3f7c2845ffdd65e312c 100644 (file)
@@ -78,11 +78,10 @@ static const char* get_password_type(const struct auth_usersupplied_info *ui);
 static void log_json(struct imessaging_context *msg_ctx,
                     struct loadparm_context *lp_ctx,
                     struct json_object *object,
-                    const char *type,
                     int debug_class,
                     int debug_level)
 {
-       audit_log_json(type, object, debug_class, debug_level);
+       audit_log_json(object, debug_class, debug_level);
        if (msg_ctx && lp_ctx && lpcfg_auth_event_notification(lp_ctx)) {
                audit_message_send(msg_ctx,
                                   AUTH_EVENT_NAME,
@@ -102,9 +101,8 @@ static void log_json(struct imessaging_context *msg_ctx,
  *  To process the resulting log lines from the commend line use jq to
  *  parse the json.
  *
- *  grep "JSON Authentication" log file |
- *  sed 's;^[^{]*;;' |
- * jq -rc  '"\(.timestamp)\t\(.Authentication.status)\t
+ *  grep "^  {" log file |
+ *  jq -rc '"\(.timestamp)\t\(.Authentication.status)\t
  *           \(.Authentication.clientDomain)\t
  *           \(.Authentication.clientAccount)
  *           \t\(.Authentication.workstation)
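Review bot: The replacement filter `grep "^  {"` in this usage comment no longer selects authentication records; it matches every JSON audit line in the file, so the jq expression below it will also receive other event types and print nulls for `.Authentication.*`. With the `JSON Authentication` prefix gone the selection has to happen in jq, e.g. `jq -rc 'select(.Authentication) | "\(.timestamp)\t..."'`. The Authorization example changed at `@@ -300,8 +297,7 @@` has the same gap and would take `select(.Authorization)`. The pattern also depends on the two-space indent that the commit message attributes to the logging layer; if that indent varies with log configuration (not visible here), the comment should say so. The comment block continues past the end of this hunk.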
@@ -272,7 +270,6 @@ static void log_authentication_event_json(
        log_json(msg_ctx,
                 lp_ctx,
                 &wrapper,
-                AUTH_JSON_TYPE,
                 DBGC_AUTH_AUDIT_JSON,
                 debug_level);
        json_free(&wrapper);
@@ -300,8 +297,7 @@ failure:
  *  To process the resulting log lines from the commend line use jq to
  *  parse the json.
  *
- *  grep "JSON Authentication" log_file |\
- *  sed "s;^[^{]*;;" |\
+ *  grep "^  {" log_file |\
  *  jq -rc '"\(.timestamp)\t
  *           \(.Authorization.domain)\t
  *           \(.Authorization.account)\t
@@ -409,7 +405,6 @@ static void log_successful_authz_event_json(
        log_json(msg_ctx,
                 lp_ctx,
                 &wrapper,
-                AUTHZ_JSON_TYPE,
                 DBGC_AUTH_AUDIT_JSON,
                 debug_level);
        json_free(&wrapper);
index ac08863129a756f230f1a370e7352673b0331679..4ae18fb773b9f5f2bf74adbcc52224fc0cb872a7 100644 (file)
@@ -105,13 +105,11 @@ const struct json_object json_empty_object = {.valid = false, .root = NULL};
  *
  * Write the json object to the audit logs as a formatted string
  *
- * @param prefix Text to be printed at the start of the log line
  * @param message The content of the log line.
  * @param debub_class The debug class to log the message with.
  * @param debug_level The debug level to log the message with.
  */
-void audit_log_json(const char* prefix,
-                   struct json_object* message,
+void audit_log_json(struct json_object* message,
                    int debug_class,
                    int debug_level)
 {
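Review bot: The doc comment above audit_log_json still describes the output only as "a formatted string", but after this change the exact line shape is what log consumers parse against, so it belongs in the contract here. I would add to the description: `The JSON text is written on its own, without a debug header or type prefix; callers must carry the event type inside message.` The context line `@param debub_class` is also misspelled and could be corrected to `debug_class` while the block is being edited. The comment block opens outside the hunk.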
@@ -126,13 +124,20 @@ void audit_log_json(const char* prefix,
        ctx = talloc_new(NULL);
        s = json_to_string(ctx, message);
        if (s == NULL) {
-               DBG_ERR("json_to_string for (%s) returned NULL, "
-                       "JSON audit message could not written\n",
-                       prefix);
+               DBG_ERR("json_to_string returned NULL, "
+                       "JSON audit message could not written\n");
                TALLOC_FREE(ctx);
                return;
        }
-       DEBUGC(debug_class, debug_level, ("JSON %s: %s\n", prefix, s));
+       /*
+        * This is very strange, but we call this routine to get a log
+        * output without the header.  JSON logs all have timestamps
+        * so this only makes parsing harder.
+        *
+        * We push out the raw JSON blob without a prefix, consumers
+        * can find such lines by the leading {
+        */
+       DEBUGADDC(debug_class, debug_level, ("%s\n", s));
        TALLOC_FREE(ctx);
 }
 
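Review bot: The failure path `DBG_ERR("json_to_string returned NULL, ...")` no longer identifies which audit record was lost, because the only identifying value (`prefix`) was removed and nothing replaced it. A dropped audit event is something an operator needs to be able to trace, so the message should carry what is still in scope, e.g. `DBG_ERR("json_to_string returned NULL for debug class %d, JSON audit message could not be written\n", debug_class);`, which also fixes the "could not written" wording. Separately, consumers now recognise records purely by line shape, which assumes `s` never contains a raw newline; that depends on json_to_string, which is not visible here, and would be worth stating in the new comment above DEBUGADDC. audit_log_json begins outside this hunk.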
index 84738d2bb932a0d9e864de6a54023b3d309c3e7f..f91efc3947872c84acb396310b0bb5555662c63b 100644 (file)
@@ -42,8 +42,7 @@ extern const struct json_object json_empty_object;
 
 #define JSON_ERROR -1
 
-void audit_log_json(const char *prefix,
-                   struct json_object *message,
+void audit_log_json(struct json_object *message,
                    int debug_class,
                    int debug_level);
 void audit_message_send(struct imessaging_context *msg_ctx,
index dd714bca4e12ac549d5530434a64e8b7975b6682..16acf1461946bb80da62922ba4f8e33196e91596 100644 (file)
@@ -1139,7 +1139,6 @@ static void log_standard_operation(
                struct json_object json;
                json = operation_json(module, request, reply);
                audit_log_json(
-                       OPERATION_JSON_TYPE,
                        &json,
                        DBGC_DSDB_AUDIT_JSON,
                        OPERATION_LOG_LVL);
@@ -1160,7 +1159,6 @@ static void log_standard_operation(
                        struct json_object json;
                        json = password_change_json(module, request, reply);
                        audit_log_json(
-                               PASSWORD_JSON_TYPE,
                                &json,
                                DBGC_DSDB_PWD_AUDIT_JSON,
                                PASSWORD_LOG_LVL);
@@ -1221,7 +1219,6 @@ static void log_replicated_operation(
                struct json_object json;
                json = replicated_update_json(module, request, reply);
                audit_log_json(
-                       REPLICATION_JSON_TYPE,
                        &json,
                        DBGC_DSDB_AUDIT_JSON,
                        REPLICATION_LOG_LVL);
@@ -1311,7 +1308,6 @@ static void log_transaction(
                        &audit_private->transaction_guid,
                        duration);
                audit_log_json(
-                       TRANSACTION_JSON_TYPE,
                        &json,
                        DBGC_DSDB_TXN_AUDIT_JSON,
                        log_level);
@@ -1384,7 +1380,6 @@ static void log_commit_failure(
                        reason,
                        &audit_private->transaction_guid);
                audit_log_json(
-                       TRANSACTION_JSON_TYPE,
                        &json,
                        DBGC_DSDB_TXN_AUDIT_JSON,
                        log_level);
index d5c9bbdaa1e489d63e2eb06132804d31668f02e8..2a6c1163c86c30ebfa3fa5429d4df33ea9fdd225 100644 (file)
@@ -507,7 +507,6 @@ static void log_primary_group_change(
                        group,
                        status);
                audit_log_json(
-                       AUDIT_JSON_TYPE,
                        &json,
                        DBGC_DSDB_GROUP_AUDIT_JSON,
                        GROUP_LOG_LVL);
@@ -582,7 +581,6 @@ static void log_membership_change(
                        group,
                        status);
                audit_log_json(
-                       AUDIT_JSON_TYPE,
                        &json,
                        DBGC_DSDB_GROUP_AUDIT_JSON,
                        GROUP_LOG_LVL);
index de3785463ec4fdf4cb012d1b502833ca849a9a29..2d868699b14cc2fb8b1d52b7a8a70d32b91b8eef 100644 (file)
@@ -752,19 +752,16 @@ static void test_get_primary_group_dn(void **state)
 /*
  * Mocking for audit_log_json to capture the called parameters
  */
-const char *audit_log_json_prefix = NULL;
 struct json_object *audit_log_json_message = NULL;
 int audit_log_json_debug_class = 0;
 int audit_log_json_debug_level = 0;
 
 
 void audit_log_json(
-       const char* prefix,
        struct json_object* message,
        int debug_class,
        int debug_level)
 {
-       audit_log_json_prefix = prefix;
        audit_log_json_message = message;
        audit_log_json_debug_class = debug_class;
        audit_log_json_debug_level = debug_level;