Skip to content

Instantly share code, notes, and snippets.

@rbazinet

rbazinet/README.md

Forked from derwiki/README.md
Created March 9, 2016 20:35
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rbazinet/b4d6505a0ca567ceaa91 to your computer and use it in GitHub Desktop.
Save rbazinet/b4d6505a0ca567ceaa91 to your computer and use it in GitHub Desktop.
Download ZIP
Ruby module that you can use in a `before_action` on sensitive controllers for which you'd like a usage audit trail
Raw
README.md

Adding an audit log to your Rails app

If you have any sort of administrative interface on your web site, you can easily imagine an intruder gaining access and mucking about. How do you know the extent of the damage? Adding an audit log to your app is one quick solution. An audit log should record a few things:

  • controller entry points with parameter values
  • permanent information about the user, like user_id
  • transient information about the user, like IP and user_agent

Using the Rails framework, this is as simple as adding a before_action to your admin controllers. Here’s a basic version that I’m using in production.

Raw
admin_controller.rb
require 'audit_log'
class AdminController < ApplicationController
include AuditLog
before_action :auto_log
end
Raw
audit_log.rb
require 'geoip'
module AuditLog
def geoip
@@geoip ||= GeoIP.new(File.join(Rails.root, '/lib/GeoIPCity.dat'))
end
def auto_log
rails_action = "#{ params[:controller] }##{ params[:action] }"
rails_params = params.except(:controller, :action)
details = {
:logger => 'AuditLog',
:action => rails_action,
:ip_address => request.remote_ip,
:geo_ip => geoip.city(request.remote_ip).to_h,
:user_id => current_user&.id,
:user_email => current_user&.email,
:user_name => current_user&.name,
:params => rails_params,
:user_agent => request.user_agent
}
Rails.logger.info MultiJson.dump(details)
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment