1667380209-audit-log-on-top-of-structured-logging.md

8. Audit log on top of structured logging

Date: 2022-11-02

Context

Sourcegraph has lacked first-class support for audit logging until now. This ADR doesn't intend to explain the business decisions behind building an audit log but the technical solution. For reading more about the business context, refer to the following RFCs:

• RFC 732
• RFC 734

For using and configuring the audit log, refer to the Docs page

Decision

Add easy-to-use audit logging API, available in internal/audit/audit.go. The API entry point is the audit.Log function.

• Audit logs are regular structured logs that carry additional information in the Attributes map.
• Audit data is available in the Attributes.audit property.
• Any additional audit-related context is a direct child of the Attributes property.
• Audit logs are "immune" to sampling (they never get dropped); this is achieved using a unique message in the Body property (which carries a generated auditId UUID).

Consequences

Audit log entries are now a part of the standard log output.

• On-premises installation may filter them from the stdout, looking for Attributes.audit or auditId properties.
• Cloud instances will ship with first-class support (TBD).