API/Web Access Logs Requirements #2790

Closed
4 tasks done
JasonCTang opened this issue Feb 5, 2024 · 6 comments
Labels: Devops (Devops), Question (Further information is requested), Security-related (Issues related to security)

Comments

@JasonCTang
Collaborator

JasonCTang commented Feb 5, 2024

Describe the task
Changes to logging to satisfy security audit requirements

Acceptance Criteria

  • Stop logging health check log entries in the API logs (see additional context).
  • Write the IP Address and GUID (same saved to the sims.users.user_name) of the user associated with any API call log entries.

Additional context

  • Current API health check logs.

image.png

  • David Malcolm has confirmed that we are allowed to write the user guids to the logs.
@ninosamson ninosamson changed the title Audit log requirements SIEM - Logging Requirements Feb 6, 2024
@ninosamson ninosamson changed the title SIEM - Logging Requirements API/Web Access Logs Requirements Feb 6, 2024
@ninosamson ninosamson added the Security-related Issues related to security label Feb 6, 2024
@michesmith michesmith added this to the 6.2 Implement and Manage SIMS Architecture Components milestone Apr 23, 2024
@michesmith michesmith added the Devops Devops label Apr 23, 2024
@michesmith michesmith modified the milestones: 6.2 Implement and Manage SIMS Architecture Components, 2.0 Part-Time Students MVP May 3, 2024
@sslaws sslaws added the Dev & Architecture Development and Architecture label May 30, 2024
@ninosamson ninosamson self-assigned this Jul 16, 2024
@sslaws
Contributor

sslaws commented Jul 18, 2024

I've confirmed that web was already recording the x_forwarded_for and I updated the configuration to filter out the health checks. The API needs to read the x_forwarded_for and write it and the guid of the user to the associated logs.

@andrewsignori-aot andrewsignori-aot added the Question Further information is requested label Aug 6, 2024
@andrewsignori-aot
Collaborator

@sslaws I would say the first AC below would be no longer needed after your last commit, right? During the call we were able to see the client IP correctly logged. Would you agree to remove the below AC?

Make necessary changes to the web app access logs to write the actual address of the end user as the requesting IP address.

@andrewsignori-aot
Collaborator

@JasonCTang the second AC mentioned "Web" but we believe that it meant "SIMS API", does it make sense?

Stop logging health check log entries in Web access logs

@sslaws
Contributor

sslaws commented Aug 6, 2024

@andrewsignori-aot I think it did mean web and I resolved that already but I do see that it applies to the API as well as they are overly verbose.

@andrewsignori-aot
Collaborator

andrewsignori-aot commented Aug 6, 2024

  • Make necessary changes to the web app access logs to write the actual address of the end user as the requesting IP address. (Stephen Laws)

  • Stop logging health check log entries in Web access logs (probably should be targeting API, right?).

  • Write the IP Address and GUID (same saved to the sims.users.user_name) of the user associated with any API call log entries.

Yes @sslaws the API ones should be removed. Since the web part is handled, can we adjust the ACs as below?

  • Stop logging health check log entries in SIMS API.
  • Write the IP Address and GUID (same saved to the sims.users.user_name) of the user associated with any API call log entries.

@andrewsignori-aot
Collaborator

As discussed with @JasonCTang we are removing the below ACs related to the Web POD that are already implemented.

  • Make necessary changes to the web app access logs to write the actual address of the end user as the requesting IP address. (Stephen Laws)
  • Stop logging health check log entries in Web access logs (probably should be targeting API, right?).

@andrewsignori-aot andrewsignori-aot removed the Dev & Architecture Development and Architecture label Oct 1, 2024
@AnnaPBashkatova AnnaPBashkatova changed the title API/Web Access Logs Requirements Environments Management ( Dev Stack): API/Web Access Logs Requirements Dec 18, 2024
@ninosamson ninosamson changed the title Environments Management ( Dev Stack): API/Web Access Logs Requirements API/Web Access Logs Requirements Jan 15, 2025
@dheepak-aot dheepak-aot assigned dheepak-aot and unassigned sslaws and JasonCTang Feb 7, 2025
github-merge-queue bot pushed a commit that referenced this issue Feb 11, 2025
# Update API Access Logs

## Implementation of Access logging with NestJS Middleware

- [x] Created a middleware to log all the requests coming to API, except the health check requests using `NestJS Middleware`

Resource: https://docs.nestjs.com/middleware
- [x] Log `Http Method`, `URL`, `Client IP`, `User GUID (on authenticated endpoints)` and `User Agent Header` for all requests to API.

### Authenticated API access logs


![image](https://github.com/user-attachments/assets/9eea3f3d-2c0c-4f0d-a702-2454fe5d53b9)


### Non-Authenticated API access logs


![image](https://github.com/user-attachments/assets/4af08079-2755-4313-8fb2-bcf088b08a6f)

## Refactor health controller

- [x] Refactored the class name and endpoint of health controller (previously known as app controller)

## Centralization

- [x] Centralized the code to get client IP from HTTP request.
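
The middleware behaviour this commit message describes, as an added example (not the code from the referenced commit or the SIMS repository): it skips health checks, logs method, URL, client IP, user GUID and user agent, and strips control characters so header values cannot forge log entries. The `/health` path, the single trusted proxy hop, and `req.user.userName` as the GUID source are assumptions.

```typescript
// Added example; HEALTH_PATH, TRUSTED_PROXY_HOPS and req.user.userName are assumptions.
interface AccessRequest {
  method: string;
  originalUrl: string;
  headers: Record<string, string | undefined>;
  socket: { remoteAddress?: string };
  user?: { userName?: string }; // assumed to be set by the auth layer
}

const HEALTH_PATH = "/health"; // assumed health check route
const TRUSTED_PROXY_HOPS = 1; // assumed count of proxies appending to X-Forwarded-For

// Drop control characters and quotes so a header value cannot forge log lines or fields.
function sanitize(value: string | undefined): string {
  const clean = (value ?? "").replace(/[\x00-\x1f\x7f"]/g, "").slice(0, 256);
  return clean.length > 0 ? clean : "-";
}

// Count hops from the right: entries further left are supplied by the client.
function getClientIp(req: AccessRequest): string {
  const hops = (req.headers["x-forwarded-for"] ?? "")
    .split(",")
    .map((hop) => hop.trim())
    .filter((hop) => hop.length > 0);
  const forwarded = hops[hops.length - TRUSTED_PROXY_HOPS];
  return sanitize(forwarded ?? req.socket.remoteAddress);
}

// Returns null for health checks so they never reach the log.
function buildAccessLogLine(req: AccessRequest): string | null {
  if (req.originalUrl.split("?")[0] === HEALTH_PATH) return null;
  return [
    `method=${sanitize(req.method)}`,
    `url=${sanitize(req.originalUrl)}`,
    `ip=${getClientIp(req)}`,
    `user=${sanitize(req.user?.userName)}`,
    `agent="${sanitize(req.headers["user-agent"])}"`,
  ].join(" ");
}

// Express-style signature, which NestJS functional middleware also accepts.
function accessLogMiddleware(log: (line: string) => void) {
  return (req: AccessRequest, _res: unknown, next: () => void): void => {
    const line = buildAccessLogLine(req);
    if (line !== null) log(line);
    next();
  };
}
```

Set `TRUSTED_PROXY_HOPS` to the number of proxies in front of the API that append to `X-Forwarded-For`; a value that is too high lets a client choose the address that ends up in the audit log.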