What do you mean the query?
Do you see the println or not?
Yes,
I see the println entry in the log. Please see my post from Apr 15:
For example, we want to audit the whole query.
GET /customer/_search
{
  "query" : { "match" : { "name" : "ben" } }
}
Now we can see just: "GET /customer/_search"
without: "query" : { "match" : { "name" : "ben" } }
If what you are missing is just logging the http body, just add it to the returned map:
theMap.put("query", context.getRequestContext().getContent());
Hi,
Still empty “query”
{
  "_id": "555678544-25378676#3692063",
  "_index": "readonlyrest_audit-2018-07-24",
  "_score": 1.0,
  "_source": {
    "query": "TEST:getHistoryString():[passthrough->[]]"
  },
  "_type": "ror_audit_evt"
},
My Custom Serializer:
more MyCustomSerializer.java
import tech.beshu.ror.commons.ResponseContext;
import tech.beshu.ror.requestcontext.AuditLogSerializer;

import java.util.Date;
import java.util.HashMap;
import java.util.Map;

public class MyCustomSerializer implements AuditLogSerializer {

    @Override
    public Map<String, ?> createLoggableEntry(ResponseContext context) {
        System.out.println("In MyCustomSerializer.createLoggableEntry() :: " + new Date().toString());
        Map<String, Object> theMap = new HashMap<>();
        //theMap.put("indices", "TEST:getIndices():{" + context.getRequestContext().getIndices() + "}");
        theMap.put("query", "MYTEST:getContent():{" + context.getRequestContext().getContent() + "}");
        theMap.put("query", "TEST:getHeaders():" + context.getRequestContext().getHeaders());
        theMap.put("query", "TEST:getAction():" + context.getRequestContext().getAction());
        theMap.put("query", "TEST:getUri():" + context.getRequestContext().getUri());
        theMap.put("query", "TEST:getHistoryString():" + context.getRequestContext().getHistoryString());
        return theMap;
    }
}
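Every `put("query", ...)` in the serializer above writes to the same map key, so only the last value (the `getHistoryString()` one) can reach the audit document, which matches the entry shown before it. The following is an added example, not part of the original posts or the plugin's code, contrasting that pattern with one key per field; `RequestView` is a hypothetical stand-in for the plugin's request context and the sample values are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class AuditEntryKeysDemo {

    // Hypothetical stand-in for the plugin's request context, limited to
    // getters that appear in the thread; not the plugin's real type.
    interface RequestView {
        String getContent();
        String getUri();
        String getAction();
        String getHistoryString();
    }

    // Same pattern as the serializer posted above: one key reused for every field.
    static Map<String, Object> reusedKey(RequestView rc) {
        Map<String, Object> m = new LinkedHashMap<>();
        m.put("query", "TEST:getContent():" + rc.getContent());
        m.put("query", "TEST:getUri():" + rc.getUri());
        m.put("query", "TEST:getHistoryString():" + rc.getHistoryString());
        return m; // one entry: the last put replaced the earlier ones
    }

    // One key per field, so the request body reaches the audit document.
    static Map<String, Object> distinctKeys(RequestView rc) {
        Map<String, Object> m = new LinkedHashMap<>();
        m.put("uri", rc.getUri());
        m.put("action", rc.getAction());
        m.put("history", rc.getHistoryString());
        String body = rc.getContent();
        // Assumption: requests without a body yield null or an empty string.
        m.put("query", body == null ? "" : body);
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample request mirroring the search from the thread.
        RequestView rc = new RequestView() {
            public String getContent() { return "{\"query\":{\"match\":{\"name\":\"ben\"}}}"; }
            public String getUri() { return "/customer/_search"; }
            public String getAction() { return "indices:data/read/search"; }
            public String getHistoryString() { return "[passthrough->[]]"; }
        };
        System.out.println(reusedKey(rc));
        System.out.println(distinctKeys(rc));
    }
}
```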
Very weird, can you print the actual request context object toString()? To see if we have any information inside of it.
I have just tried to create a custom serializer and I can print the request context content.
package tech.beshu.ror.requestcontext;

import tech.beshu.ror.commons.ResponseContext;

import java.util.HashMap;
import java.util.Map;

public class LudacaTestCustomSerializer implements AuditLogSerializer {

    @Override
    public Object createLoggableEntry(ResponseContext context) {
        Map<String, Object> m = new HashMap<>(2);
        m.put("indices_buzz", context.getRequestContext().getIndices());
        m.put("query_fizz", context.getRequestContext().getContent());
        return m;
    }
}
{
  "_index": "readonlyrest_audit-2018-07-24",
  "_type": "ror_audit_evt",
  "_id": "398656045--1587085937#2932",
  "_score": 1,
  "_source": {
    "indices_buzz": [
      "r*"
    ],
    "query_fizz": "{\"query\":{ \"match\" : { \"name\" : \"ben\" } }}"
  }
}
$ jar -ft plugins/readonlyrest/CUSTOMSER.jar
META-INF/
META-INF/MANIFEST.MF
tech/
tech/beshu/
tech/beshu/ror/
tech/beshu/ror/requestcontext/
tech/beshu/ror/requestcontext/LudacaTestCustomSerializer.class
You can find the jar containing the serializer here.
$ head config/readonlyrest.yml
readonlyrest:
  audit_collector: true
  audit_serializer: tech.beshu.ror.requestcontext.LudacaTestCustomSerializer
I’m so happy
It works with your example
Thank you so much!
Wow that’s great! What was the problem??
Hello,
Sorry for the delay, it’s the vacation period
This line was removed from my java file: m.put("indices_buzz", context.getRequestContext().getIndices())
because it sent a huge number of exceptions to the ES log.
In addition, could I catch the username that performed the query?
Thanks again
Hi @ludaca, I believe the getIndices threw exceptions because there was no check if the request involves indices. If you see how the DefaultAuditLogSerializer does that:
You can log the logged user name taking inspiration from the same file as above: