Support pure json output for audit log (ydb-platform#10143)

vporyadke · Oct 23, 2024 · fdd604a · fdd604a
1 parent 1776442
commit fdd604a
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/ydb/core/audit/audit_log_impl.cpp b/ydb/core/audit/audit_log_impl.cpp
@@ -91,6 +91,25 @@ TString GetJsonLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
     return ss.Str();
 }
 
+TString GetJsonLogCompatibleLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
+    const auto* msg = ev->Get();
+    NJsonWriter::TBuf json;
+    {
+        auto obj = json.BeginObject();
+        obj
+            .WriteKey("@timestamp")
+            .WriteString(msg->Time.ToString().data())
+            .WriteKey("@log_type")
+            .WriteString("audit");
+
+        for (auto& [k, v] : msg->Parts) {
+            obj.WriteKey(k).WriteString(v);
+        }
+        json.EndObject();
+    }
+    return json.Str();
+}
+
 TString GetTxtLog(const TEvAuditLog::TEvWriteAuditLog::TPtr& ev) {
     const auto* msg = ev->Get();
     TStringStream ss;
@@ -146,6 +165,9 @@ class TAuditLogActor final : public TActor<TAuditLogActor> {
                 case NKikimrConfig::TAuditConfig::TXT:
                     WriteLog(GetTxtLog(ev), logBackends.second);
                     break;
+                case NKikimrConfig::TAuditConfig::JSON_LOG_COMPATIBLE:
+                    WriteLog(GetJsonLogCompatibleLog(ev), logBackends.second);
+                    break;
                 default:
                     WriteLog(GetJsonLog(ev), logBackends.second);
                     break;

diff --git a/ydb/core/protos/config.proto b/ydb/core/protos/config.proto
@@ -1438,8 +1438,9 @@ message TMeteringConfig {
 
 message TAuditConfig {
     enum EFormat {
-        JSON = 1;
-        TXT = 2;
+        JSON = 1;                // Outputs audit log in format: "<time>: {"k1": "v1", "k2": "v2", ...}" where <time> is ISO 8601 format time string, k1, k2, ..., kn - fields of audit log message and v1, v2, ..., vn are their values
+        TXT = 2;                 // Outputs audit log in format: "<time>: k1=v1, k2=v2, ..." where <time> is ISO 8601 format time string, k1, k2, ..., kn - fields of audit log message and v1, v2, ..., vn are their values
+        JSON_LOG_COMPATIBLE = 3; // Outputs audit log in format: "{"@timestamp": "<ISO 8601 time>", "@log_type": "audit", "k1": "v1", "k2": "v2", ...}" where @timestamp is ISO 8601 format time string, k1, k2, ..., kn - fields of audit log message and v1, v2, ..., vn are their values // Suitable for output both debug log and audit log to the same destination (stderr)
     }
 
     message TStderrBackend {

diff --git a/ydb/library/actors/core/log.cpp b/ydb/library/actors/core/log.cpp
@@ -486,6 +486,8 @@ namespace NActors {
                 j.BeginObject()
                     .WriteKey("@timestamp")
                     .WriteString(Settings->UseLocalTimestamps ? FormatLocalTimestamp(time, buf) : time.ToString().data())
+                    .WriteKey("@log_type")
+                    .WriteString("debug")
                     .WriteKey("microseconds")
                     .WriteULongLong(time.MicroSeconds())
                     .WriteKey("host")