|
| 1 | +# Cacti Audit Plugin Development Instructions |
| 2 | + |
| 3 | +## Project Overview |
| 4 | +This is a Cacti plugin designed to audit user activities, including configuration changes and CLI commands. It hooks into Cacti's core to capture `$_POST` data and logs it to the `audit_log` table. |
| 5 | + |
| 6 | +## Architecture & Core Components |
| 7 | +- **Plugin Entry (`setup.php`)**: Registers hooks, realms, and handles installation/upgrades. |
| 8 | +- **Audit Logic (`audit_functions.php`)**: Contains `audit_process_page_data` which resolves object IDs to human-readable names for specific Cacti pages. |
| 9 | +- **UI (`audit.php`)**: The main interface for viewing audit logs. |
| 10 | +- **Database**: Uses the `audit_log` table. Schema updates are handled in `audit_check_upgrade()` within `setup.php`. |
| 11 | + |
| 12 | +## Key Development Patterns |
| 13 | + |
| 14 | +### 1. Extending Audit Coverage |
| 15 | +To add detailed auditing for a new Cacti page (e.g., resolving an ID to a name), modify `audit_process_page_data` in `audit_functions.php`. |
| 16 | + |
| 17 | +**Pattern:** |
| 18 | +```php |
| 19 | +case 'your_page.php': |
| 20 | + foreach ($selected_items as $item) { |
| 21 | + // Fetch descriptive data for the item ID |
| 22 | + $objects[] = db_fetch_assoc_prepared('SELECT name FROM your_table WHERE id = ?', array($item)); |
| 23 | + } |
| 24 | + break; |
| 25 | +``` |
| 26 | + |
| 27 | +### 2. Database Interaction |
| 28 | +Always use Cacti's database wrapper functions. **Never** use raw PHP MySQL functions. |
| 29 | +- `db_fetch_assoc_prepared($sql, $params)`: For fetching multiple rows. |
| 30 | +- `db_fetch_row_prepared($sql, $params)`: For fetching a single row. |
| 31 | +- `db_fetch_cell_prepared($sql, $params)`: For fetching a single value. |
| 32 | +- `db_execute_prepared($sql, $params)`: For INSERT/UPDATE/DELETE. |
| 33 | + |
| 34 | +### 3. Input Handling & Security |
| 35 | +- Use `get_request_var('var_name')` or `get_filter_request_var('var_name')` to retrieve `$_GET`/`$_POST` data. |
| 36 | +- Ensure all user-facing strings are localized using `__('String', 'audit')`. |
| 37 | + |
| 38 | +### 4. Plugin Hooks |
| 39 | +Hooks are registered in `plugin_audit_install()` in `setup.php`. |
| 40 | +- `config_insert`: The primary hook used to capture data changes. |
| 41 | +- `is_console_page`: Determines if the plugin page is part of the console. |
| 42 | + |
| 43 | +### 5. SIEM / File Logging |
| 44 | +The plugin supports writing audit logs to an external file (JSON format) for SIEM ingestion. |
| 45 | +- **Configuration**: Controlled by `audit_log_external` (on/off) and `audit_log_external_path` settings in `setup.php`. |
| 46 | +- **Implementation**: Logic resides in `audit_functions.php`. It writes JSON-encoded events to the specified file. |
| 47 | +- **Permissions**: Ensure the web server user has write permissions to the target directory. |
| 48 | + |
| 49 | +## Common Workflows |
| 50 | + |
| 51 | +### Installation/Upgrade |
| 52 | +- The plugin resides in `plugins/audit/`. |
| 53 | +- Version changes in `INFO` trigger `audit_check_upgrade()` in `setup.php`. |
| 54 | +- Always increment the version in `INFO` and `setup.php` when making schema changes. |
| 55 | + |
| 56 | +### Localization |
| 57 | +- Run `locales/build_gettext.sh` to regenerate `.pot` and `.mo` files after adding new translatable strings. |
| 58 | +- Domain must always be `'audit'`. |
| 59 | + |
| 60 | +## Clean as you Code & Refactoring Opportunities |
| 61 | +When touching existing code, look for opportunities to improve quality: |
| 62 | + |
| 63 | +1. **N+1 Query Optimization**: |
| 64 | + - **Issue**: `audit_process_page_data` often loops through `$selected_items` and executes a SQL query for *each* item. |
| 65 | + - **Refactor**: Aggregate IDs and use `WHERE id IN (?, ?, ...)` to fetch all data in a single query. |
| 66 | + |
| 67 | +2. **Modern File Operations**: |
| 68 | + - **Issue**: Usage of `fopen`/`fwrite`/`fclose`. |
| 69 | + - **Refactor**: Use `file_put_contents()` with `FILE_APPEND` and `LOCK_EX` flags for atomic, cleaner file writing. |
| 70 | + |
| 71 | +3. **Switch Statement Complexity**: |
| 72 | + - **Issue**: `audit_process_page_data` contains a massive switch statement. |
| 73 | + - **Refactor**: Consider extracting case logic into separate handler functions or a map-based strategy to improve readability. |
| 74 | + |
| 75 | +## Directory Structure |
| 76 | +- `setup.php`: Plugin registration and hooks. |
| 77 | +- `audit.php`: Main UI file. |
| 78 | +- `audit_functions.php`: Helper functions and logic. |
| 79 | +- `locales/`: Translation files. |
| 80 | +- `INFO`: Plugin metadata (version, author, etc.). |
0 commit comments