Skip to content

Commit

Permalink
Audit: log 'warnings' from eventlogger even if audit is deemed a succ…
Browse files Browse the repository at this point in the history
…ess (#27809)

* make sure we still log underyling pipeline errors even if audit is deemed a success

* changelog
  • Loading branch information
Peter Wilson authored and Monkeychip committed Jul 24, 2024
1 parent 572d07b commit f14bb05
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
12 changes: 12 additions & 0 deletions audit/broker.go
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,12 @@ func (b *Broker) LogRequest(ctx context.Context, in *logical.LogInput) (ret erro

// Audit event ended up in at least 1 sink.
if len(status.CompleteSinks()) > 0 {
// We should log warnings to the operational logs regardless of whether
// we consider the overall auditing attempt to be successful.
if len(status.Warnings) > 0 {
b.logger.Error("log request underlying pipeline error(s)", "error", &multierror.Error{Errors: status.Warnings})
}

return retErr.ErrorOrNil()
}

Expand Down Expand Up @@ -397,6 +403,12 @@ func (b *Broker) LogResponse(ctx context.Context, in *logical.LogInput) (ret err

// Audit event ended up in at least 1 sink.
if len(status.CompleteSinks()) > 0 {
// We should log warnings to the operational logs regardless of whether
// we consider the overall auditing attempt to be successful.
if len(status.Warnings) > 0 {
b.logger.Error("log response underlying pipeline error(s)", "error", &multierror.Error{Errors: status.Warnings})
}

return retErr.ErrorOrNil()
}

Expand Down
3 changes: 3 additions & 0 deletions changelog/27809.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
audit: Ensure that any underyling errors from audit devices are logged even if we consider auditing to be a success.
```

0 comments on commit f14bb05

Please sign in to comment.