|
1 | 1 | # Audit |
| 2 | + |
| 3 | +The Audit system in Polykey provides a way to track and retrieve events that occur within the Polykey agent. This feature is essential for security monitoring, troubleshooting, and compliance purposes. |
| 4 | + |
| 5 | +## Overview |
| 6 | + |
| 7 | +The Audit system records various events that occur during the operation of a Polykey node. These events are stored in a structured format and can be retrieved for analysis. The system is designed to be efficient and secure, with events stored in the node's database. |
| 8 | + |
| 9 | +## Core Components |
| 10 | + |
| 11 | +### Audit Class |
| 12 | + |
| 13 | +The `Audit` class is the main component of the audit system. It provides methods for: |
| 14 | + |
| 15 | +- Recording audit events |
| 16 | +- Retrieving audit events |
| 17 | +- Managing the audit event lifecycle |
| 18 | + |
| 19 | +### Audit Events |
| 20 | + |
| 21 | +Audit events have the following structure: |
| 22 | + |
| 23 | +- `id`: A unique identifier for the event |
| 24 | +- `path`: An array of strings representing the event category/path |
| 25 | +- `data`: The event data, which can contain any relevant information about the event |
| 26 | + |
| 27 | +## Usage |
| 28 | + |
| 29 | +### Retrieving Audit Events |
| 30 | + |
| 31 | +Audit events can be retrieved from a node using the `nodesAuditEventsGet` RPC method. This method supports: |
| 32 | + |
| 33 | +- Pagination through `seek` and `seekEnd` parameters |
| 34 | +- Limiting the number of results with the `limit` parameter |
| 35 | +- Ordering results in ascending or descending order |
| 36 | + |
| 37 | +Example usage through the node connection: |
| 38 | + |
| 39 | + |
| 40 | + |
| 41 | +### Event Types |
| 42 | + |
| 43 | +The audit system can record various types of events, including but not limited to: |
| 44 | + |
| 45 | +- Node connection events |
| 46 | +- Authentication events |
| 47 | +- Vault operations |
| 48 | +- Secret access events |
| 49 | +- Permission changes |
| 50 | + |
| 51 | +Each event type has a specific path structure and data format. |
| 52 | + |
| 53 | +## Security Considerations |
| 54 | + |
| 55 | +Audit events are stored locally on the node and are only accessible to authorized users with appropriate permissions. When retrieving audit events from another node, proper authentication and authorization are required. |
| 56 | + |
| 57 | +## Integration with Other Components |
| 58 | + |
| 59 | +The audit system is integrated with various components of the Polykey system: |
| 60 | + |
| 61 | +- The `PolykeyAgent` includes the audit system in its initialization |
| 62 | +- The agent service exposes audit functionality through RPC methods |
| 63 | +- Node connections can access audit events from connected nodes |
| 64 | + |
| 65 | +## Future Enhancements |
| 66 | + |
| 67 | +Future versions of the audit system may include: |
| 68 | + |
| 69 | +- Additional event types |
| 70 | +- Enhanced filtering capabilities |
| 71 | +- Export functionality for audit logs |
| 72 | +- Integration with external logging systems |
![promptless[bot]](https://avatars.githubusercontent.com/in/979718?v=4&size=40){kind=avatar}
0 commit comments