Hello,
I created a Java class according to the example:
import tech.beshu.ror.ResponseContext;
import tech.beshu.ror.requestcontext.AuditLogSerializer;
import java.util.HashMap;
import java.util.Map;
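/**
 * Audit log serializer that writes a single field, {@code "indices"}, for each request.
 *
 * <p>The returned map carries nothing else: no user, origin, action, path or final state.
 * An audit entry built only from this map therefore cannot show who issued a request or
 * whether it was allowed.
 * NOTE(review): presumably the returned map becomes the whole audit document; confirm
 * against the plugin, and add the missing fields if the audit index is used for
 * investigations.
 *
 * <p>NOTE(review): {@code static} is only legal when this class is nested inside another
 * class; remove the modifier if the class is declared at the top level of its file.
 * NOTE(review): the node log in this post reports "MyCustomSerializer"; confirm that the
 * configured serializer class name matches this class.
 */
public static class MySerializer implements AuditLogSerializer {

    /**
     * Builds the audit entry for one handled request.
     *
     * @param context response context of the request being audited
     * @return a mutable map holding only the key {@code "indices"}, whose value is whatever
     *     {@code context.getRequestContext().getIndices()} returns
     */
    @Override
    public Map<String, ?> createLoggableEntry(ResponseContext context) {
        Map<String, Object> entry = new HashMap<>();
        // The key must be written with plain ASCII double quotes; the typographic quotes
        // a forum renderer substitutes do not compile.
        entry.put("indices", context.getRequestContext().getIndices());
        return entry;
    }
}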
This is my index for testing “customer”:
{
"_shards": {
"failed": 0,
"skipped": 0,
"successful": 5,
"total": 5
},
"hits": {
"hits": [
{
"_id": "22",
"_index": "customer",
"_score": 1.0,
"_source": {
"name": "Ben Doe"
},
"_type": "external"
},
{
"_id": "AWLIZ5I1Cdjjmrp_9SQW",
"_index": "customer",
"_score": 1.0,
"_source": {
"name": "For Audit QA"
},
"_type": "external"
},
{
"_id": "100",
"_index": "customer",
"_score": 1.0,
"_source": {
"age": 20,
"name": "Id insert"
},
"_type": "external"
},
{
"_id": "AWLIZwesCdjjmrp_9SQS",
"_index": "customer",
"_score": 1.0,
"_source": {
"name": "Liron Test"
},
"_type": "external"
},
{
"_id": "AWNZKpVbZ1q1IOUIPleV",
"_index": "customer",
"_score": 1.0,
"_source": {
"title": "hello"
},
"_type": "test1"
},
{
"_id": "AWLIZyoLCdjjmrp_9SQU",
"_index": "customer",
"_score": 1.0,
"_source": {
"name": "\u05d1\u05d3\u05d9\u05e7\u05d4 \u05dc\u05d9\u05e8\u05d5\u05df"
},
"_type": "external"
},
{
"_id": "AWLIZ3wLCdjjmrp_9SQV",
"_index": "customer",
"_score": 1.0,
"_source": {
"name": "For Audit"
},
"_type": "external"
}
],
"max_score": 1.0,
"total": 7
},
"timed_out": false,
"took": 1
}
On this index I performed:
curl -XPOST http://xx.xx.xx.xx:9200/customer/test1 -d '{"title": "hello"}'
and curl -XGET http://xx.xx.xx.xx:9200/customer/_search in a loop of 200 iterations.
This is part of the ES log:
[2018-05-13T10:39:39,352][INFO ][t.b.r.r.SerializationTool] Using custom serializer: MyCustomSerializer
…
[2018-05-13T10:41:04,427][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:21664262-62830043#398, TYP:ClusterHealthRequest, CGR:N/A, USR:[no
basic auth header], BRS:true, ACT:cluster:monitor/health, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cluster/health, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->]
}
[2018-05-13T10:42:33,237][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:241060584-1026971099#530, TYP:ClusterStateRequest, CGR:N/A, USR:[
no basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->]
}
[2018-05-13T10:43:21,790][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:121728359-334467052#610, TYP:ClusterStateRequest, CGR:N/A, USR:[n
o basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->] }
[2018-05-13T10:43:44,636][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:558958471-272334466#652, TYP:ClusterStateRequest, CGR:N/A, USR:[n
o basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->] }
[2018-05-13T10:44:26,313][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:888746055-1371821327#718, TYP:ClusterStateRequest, CGR:N/A, USR:[
no basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->]
}
[2018-05-13T10:44:30,683][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:734942157-1784873231#732, TYP:ClusterStateRequest, CGR:N/A, USR:[
no basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->]
}
[2018-05-13T10:44:51,562][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:1724284691-725932754#1226, TYP:ClusterStateRequest, CGR:N/A, USR:
[no basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->]
}
[2018-05-13T10:46:44,763][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:1771444219-156580984#1400, TYP:GetIndexRequest, CGR:N/A, USR:[no
basic auth header], BRS:true, ACT:indices:admin/get, OA:10.244.0.0, IDX:customer, MET:GET, PTH:/customer, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->] }
[2018-05-13T10:47:01,105][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:165236752-1388696304#1426, TYP:GetIndexRequest, CGR:N/A, USR:[no
basic auth header], BRS:true, ACT:indices:admin/get, OA:10.244.0.0, IDX:customer, MET:GET, PTH:/customer, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->] }
[2018-05-13T10:51:42,220][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:2046087892-1052709220#1850, TYP:ClusterStateRequest, CGR:N/A, USR
:[no basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->
] }
[2018-05-13T10:51:52,231][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:319797216-1699574084#1876, TYP:ClusterStateRequest, CGR:N/A, USR:
[no basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->]
}
[2018-05-13T10:52:11,290][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:1778442289-529086876#1913, TYP:GetIndexRequest, CGR:N/A, USR:[no
basic auth header], BRS:true, ACT:indices:admin/get, OA:10.244.0.0, IDX:readonlyrest_audit-2018-05-13, MET:GET, PTH:/readonlyrest_audit-2018-05-13, CNT:<N/A>, HDR:Accept,content-length,Ho
st,User-Agent, HIS:[passthrough->] }
[2018-05-13T10:52:37,495][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:699388683-1718203599#1955, TYP:GetIndexRequest, CGR:N/A, USR:[no
basic auth header], BRS:true, ACT:indices:admin/get, OA:10.244.0.0, IDX:readonlyrest_audit-2018-05-12, MET:GET, PTH:/readonlyrest_audit-2018-05-12, CNT:<N/A>, HDR:Accept,content-length,Ho
st,User-Agent, HIS:[passthrough->] }
[2018-05-13T10:52:45,958][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:1231285244-131051403#1973, TYP:GetIndexRequest, CGR:N/A, USR:[no
basic auth header], BRS:true, ACT:indices:admin/get, OA:10.244.0.0, IDX:readonlyrest_audit-2018-05-13, MET:GET, PTH:/readonlyrest_audit-2018-05-13, CNT:<N/A>, HDR:Accept,content-length,Ho
st,User-Agent, HIS:[passthrough->] }
[2018-05-13T10:53:23,912][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:574917889-1019452472#2033, TYP:ClusterStateRequest, CGR:N/A, USR:
[no basic auth header], BRS:true, ACT:cluster:monitor/state, OA:10.244.0.0, IDX:, MET:GET, PTH:/_cat/indices?v, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[passthrough->]
}
[2018-05-13T11:02:33,044][WARN ][o.e.d.r.RestController ] Content type detection for rest requests is deprecated. Specify the content type using the [Content-Type] header.
[2018-05-13T11:02:33,048][ERROR][t.b.r.e.RequestInfo ] Found an instance of CompositeIndicesRequest that could not be handled: report this as a bug immediately! IndexRequest
[2018-05-13T11:02:33,052][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:1687171110-944271539#2852, TYP:IndexRequest, CGR:N/A, USR:[no bas
ic auth header], BRS:true, ACT:indices:data/write/index, OA:10.244.0.0, IDX:customer, MET:POST, PTH:/customer/test1, CNT:<OMITTED, LENGTH=18>, HDR:Accept,Content-Length,Content-Type,Host,
User-Agent, HIS:[passthrough->] }
[2018-05-13T11:03:07,307][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:696538075-1781724351#2911, TYP:SearchRequest, CGR:N/A, USR:[no ba
sic auth header], BRS:true, ACT:indices:data/read/search, OA:10.244.0.0, IDX:customer, MET:GET, PTH:/customer/test1/_search, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[pas
sthrough->] }
[2018-05-13T11:03:29,781][INFO ][t.b.r.a.ACL ] ALLOWED by { name: ‘passthrough’, policy: ALLOW} req={ ID:423476447-1781724351#2956, TYP:SearchRequest, CGR:N/A, USR:[no ba
sic auth header], BRS:true, ACT:indices:data/read/search, OA:10.244.0.0, IDX:customer, MET:GET, PTH:/customer/test1/_search, CNT:<N/A>, HDR:Accept,content-length,Host,User-Agent, HIS:[pas
sthrough->] }
This is the readonlyrest_audit-2018-05-13 index:
{
"_shards": {
"failed": 0,
"skipped": 0,
"successful": 5,
"total": 5
},
"hits": {
"hits": [
{
"_id": "2041423447-526821954#25324458",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:10Z",
"acl_history": "[passthrough->[]]",
"action": "cluster:monitor/nodes/info",
"content_len": 0,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"Host"
],
"id": "2041423447-526821954#25324458",
"indices": [],
"origin": "xx.xx.xx.xx",
"path": "/_nodes/_local?filter_path=nodes.*.settings.tribe",
"processingMillis": 0,
"req_method": "GET",
"task_id": 25324458,
"type": "NodesInfoRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "454905553-408214284#25324463",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:10Z",
"acl_history": "[passthrough->[]]",
"action": "cluster:monitor/health",
"content_len": 0,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"Host"
],
"id": "454905553-408214284#25324463",
"indices": [
".kibana"
],
"origin": "xx.xx.xx.xx",
"path": "/_cluster/health/.kibana?timeout=5s",
"processingMillis": 0,
"req_method": "GET",
"task_id": 25324463,
"type": "ClusterHealthRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "1184506844-931169816#25324464",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:10Z",
"acl_history": "[passthrough->[]]",
"action": "indices:admin/get",
"content_len": 0,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"Host"
],
"id": "1184506844-931169816#25324464",
"indices": [
".kibana"
],
"origin": "xx.xx.xx.xx",
"path": "/.kibana/_mappings",
"processingMillis": 1,
"req_method": "GET",
"task_id": 25324464,
"type": "GetIndexRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "275244239-1199073869#25324465",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:10Z",
"acl_history": "[passthrough->[]]",
"action": "indices:data/read/search",
"content_len": 277,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"content-type",
"Host"
],
"id": "275244239-1199073869#25324465",
"indices": [
".kibana"
],
"origin": "xx.xx.xx.xx",
"path": "/.kibana/_search?size=1000&from=0",
"processingMillis": 0,
"req_method": "POST",
"task_id": 25324465,
"type": "SearchRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "179600537-1604695717#25324467",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:10Z",
"acl_history": "[passthrough->[]]",
"action": "cluster:monitor/state",
"content_len": 0,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"Host"
],
"id": "179600537-1604695717#25324467",
"indices": [],
"origin": "xx.xx.xx.xx",
"path": "/_cluster/settings?include_defaults=true&filter_path=**.script.engine.*.inline",
"processingMillis": 0,
"req_method": "GET",
"task_id": 25324467,
"type": "ClusterStateRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "1782818272-2003881707#25324509",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:15Z",
"acl_history": "[passthrough->[]]",
"action": "cluster:monitor/nodes/info",
"content_len": 0,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"Host"
],
"id": "1782818272-2003881707#25324509",
"indices": [],
"origin": "xx.xx.xx.xx",
"path": "/_nodes?filter_path=nodes.*.version%2Cnodes.*.http.publish_address%2Cnodes.*.ip",
"processingMillis": 1,
"req_method": "GET",
"task_id": 25324509,
"type": "NodesInfoRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "795396896-1327115231#25324516",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:15Z",
"acl_history": "[passthrough->[]]",
"action": "cluster:monitor/health",
"content_len": 0,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"Host"
],
"id": "795396896-1327115231#25324516",
"indices": [
".kibana"
],
"origin": "xx.xx.xx.xx",
"path": "/_cluster/health/.kibana?timeout=5s",
"processingMillis": 0,
"req_method": "GET",
"task_id": 25324516,
"type": "ClusterHealthRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "785942685-1199073869#25324518",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:15Z",
"acl_history": "[passthrough->[]]",
"action": "indices:data/read/search",
"content_len": 277,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"content-type",
"Host"
],
"id": "785942685-1199073869#25324518",
"indices": [
".kibana"
],
"origin": "xx.xx.xx.xx",
"path": "/.kibana/_search?size=1000&from=0",
"processingMillis": 0,
"req_method": "POST",
"task_id": 25324518,
"type": "SearchRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "576126083-36071308#25324378",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:02Z",
"acl_history": "[passthrough->[]]",
"action": "indices:data/read/mget",
"content_len": 62,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"content-type",
"Host"
],
"id": "576126083-36071308#25324378",
"indices": [
".kibana"
],
"origin": "xx.xx.xx.xx",
"path": "/_mget",
"processingMillis": 0,
"req_method": "POST",
"task_id": 25324378,
"type": "MultiGetRequest",
"user": null
},
"_type": "ror_audit_evt"
},
{
"_id": "1597374857-984061082#25324385",
"_index": "readonlyrest_audit-2018-05-13",
"_score": 1.0,
"_source": {
"@timestamp": "2018-05-13T00:00:02Z",
"acl_history": "[passthrough->[]]",
"action": "cluster:monitor/state",
"content_len": 0,
"content_len_kb": 0,
"error_message": null,
"error_type": null,
"final_state": "ALLOWED",
"headers": [
"Authorization",
"Connection",
"Content-Length",
"Host"
],
"id": "1597374857-984061082#25324385",
"indices": [],
"origin": "xx.xx.xx.xx",
"path": "/_cluster/settings?include_defaults=true&filter_path=**.script.engine.*.inline",
"processingMillis": 0,
"req_method": "GET",
"task_id": 25324385,
"type": "ClusterStateRequest",
"user": null
},
"_type": "ror_audit_evt"
}
],
"max_score": 1.0,
"total": 116159
},
"timed_out": false,
"took": 1
}
Please let me know if I missed something
Thanks in advance