-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: Add a change audit log for app and server changes #258
Comments
We could use a gem like https://github.com/chaps-io/public_activity, but usually rolling a simple own Event/Activity log is easier to build and maintain due to the trivial nature. |
Quickly brainstorming, could have something like:
Bonus points if we add a "command execution" log to each event so you can see what the command execution was on the server and even log errors or success state for each command. |
@michiels Do we actually want to have the events specified up front? What do you think about a "normal" logbook type thing? Maybe with a couple of categories, i.e: |
@jvanbaarsen that's a good point, it would make the system more freeform. However, then we cannot add icons or for example filtering from one event dashboard. |
@jvanbaarsen I'd say you also want to filter on ENV vars added and Deploy Keys added/removed. As these are security auditing features we'd like to have. But yeah having a category "Security" or "Authorizations" is also fine. That would basically be the same as I suggested with the enums, but with a few more generic labels that communicate the same. |
For security and collaboration with other team members, it would be great if all changes to servers/apps made would trigger entries in some kind of activity/change audit log. This so that you can always trace back what happened to a server or an app over time. This is beneficial for security (spotting weird behavior) but also makes collaboration in a team easier, as you'll now who changed what on a server. Basically automating and providing automated infrastructure CMDB functionality.
An audit log could be as simple as a GitHub-issue style activity log for things like:
etc.
It's important that we create event logs for most important security and app environment changes first. Things like adding/removing apps and servers could be a bonus.
We could expand this feature with allowing an email notification (digest) to be sent out to all users of the Intercity instance so changes in configurations are automatically logged and notified.
Most important events to log:
The text was updated successfully, but these errors were encountered: