|
| 1 | +# Cacti Audit Plugin AI Instructions |
| 2 | + |
| 3 | +## Architecture Overview |
| 4 | +This is a Cacti plugin that logs GUI and CLI activities to an audit trail. The plugin hooks into Cacti's event system to capture user actions. |
| 5 | + |
| 6 | +**Core Components:** |
| 7 | +- [`setup.php`](../setup.php): Plugin lifecycle (install/uninstall/upgrade) and hook registration via `api_plugin_register_hook()` |
| 8 | +- [`audit.php`](../audit.php): Web UI for viewing/exporting/purging audit logs; handles actions via `switch(get_request_var('action'))` |
| 9 | +- [`audit_functions.php`](../audit_functions.php): Core logging logic in `audit_config_insert()` and page-specific data extraction in `audit_process_page_data()` |
| 10 | +- Database: Single `audit_log` table with columns: `page`, `user_id`, `action`, `ip_address`, `user_agent`, `event_time`, `post` (JSON), `object_data` (JSON) |
| 11 | + |
| 12 | +**Data Flow:** |
| 13 | +1. Cacti triggers `config_insert` hook on POST requests → `audit_config_insert()` executes |
| 14 | +2. Function validates event via `audit_log_valid_event()`, sanitizes `$_POST`, removes passwords |
| 15 | +3. If `selected_items` present, `audit_process_page_data()` extracts object details from DB |
| 16 | +4. Event logged to `audit_log` table + optional external JSON file |
| 17 | + |
| 18 | +## Critical Conventions |
| 19 | + |
| 20 | +### Function Naming |
| 21 | +ALL functions MUST use `audit_` or `plugin_audit_` prefix to avoid namespace collisions with Cacti core. |
| 22 | + |
| 23 | +### Input Handling (Security Critical) |
| 24 | +**NEVER** access `$_GET`/`$_POST` directly. Always use: |
| 25 | +- `get_request_var('name')` - for basic input |
| 26 | +- `get_filter_request_var('name')` - for validated/filtered input |
| 27 | +- `get_nfilter_request_var('name')` - for non-filtered input |
| 28 | +- `isset_request_var('name')` - to check existence |
| 29 | + |
| 30 | +Example from [`audit.php`](../audit.php#L30): |
| 31 | +```php |
| 32 | +switch(get_request_var('action')) { |
| 33 | +case 'export': |
| 34 | + audit_export_rows(); |
| 35 | + break; |
| 36 | +``` |
| 37 | + |
| 38 | +### Database Operations (Security Critical) |
| 39 | +**ALWAYS** use prepared statements, NEVER string concatenation: |
| 40 | +- `db_execute_prepared($sql, $params)` - for INSERT/UPDATE/DELETE |
| 41 | +- `db_fetch_assoc_prepared($sql, $params)` - for SELECT returning rows |
| 42 | +- `db_fetch_row_prepared($sql, $params)` - for single row |
| 43 | +- `db_fetch_cell($sql)` - only for queries without user input |
| 44 | + |
| 45 | +Example from [`audit_functions.php`](../audit_functions.php#L210-L212): |
| 46 | +```php |
| 47 | +db_execute_prepared('INSERT INTO audit_log (page, user_id, action, ip_address, user_agent, event_time, post, object_data) |
| 48 | + VALUES (?, ?, ?, ?, ?, ?, ?, ?)', |
| 49 | + array($page, $user_id, $action, $ip_address, $user_agent, $event_time, $post, $object_data)); |
| 50 | +``` |
| 51 | + |
| 52 | +### Localization |
| 53 | +Wrap ALL user-facing strings in `__('String', 'audit')`. The second parameter `'audit'` is the text domain. |
| 54 | + |
| 55 | +Example: `__('View Audit Log', 'audit')` |
| 56 | + |
| 57 | +For plurals: `__('%d Months', 2, 'audit')` |
| 58 | + |
| 59 | +### UI Structure |
| 60 | +- Use `top_header()` before and `bottom_footer()` after page content |
| 61 | +- Use `html_start_box()` / `html_end_box()` for content sections |
| 62 | +- Access Cacti config: `global $config;` |
| 63 | + |
| 64 | +## Developer Workflows |
| 65 | + |
| 66 | +### Testing Integration |
| 67 | +GitHub Actions runs tests against live Cacti install. See [`.github/workflows/plugin-ci-workflow.yml`](../.github/workflows/plugin-ci-workflow.yml): |
| 68 | +- Tests against PHP 8.1, 8.2, 8.3 |
| 69 | +- Plugin must be in `cacti/plugins/audit` directory (NOT `plugin_audit`) |
| 70 | +- MySQL 8.0 service with user `cactiuser:cactiuser`, database `cacti` |
| 71 | + |
| 72 | +### Localization Workflow |
| 73 | +```bash |
| 74 | +cd locales |
| 75 | +./build_gettext.sh |
| 76 | +``` |
| 77 | +Requires `xgettext` (GNU gettext). Regenerates `po/cacti.pot` from all `__()` calls, then compiles `.po` → `.mo` files. |
| 78 | + |
| 79 | +### Upgrades & Schema Changes |
| 80 | +When adding DB columns, update `audit_check_upgrade()` in [`setup.php`](../setup.php#L69-L100): |
| 81 | +```php |
| 82 | +db_execute('ALTER TABLE audit_log ADD COLUMN IF NOT EXISTS object_data LONGBLOB'); |
| 83 | +``` |
| 84 | +This runs on plugin version change detection. |
| 85 | + |
| 86 | +## Hook System |
| 87 | +Hooks registered in `plugin_audit_install()`: |
| 88 | +- `config_insert` - Main logging trigger (fires on POST requests) |
| 89 | +- `poller_bottom` - Daily cleanup of old records based on retention setting |
| 90 | +- `config_arrays` - Inject menu items and configuration arrays |
| 91 | +- `config_settings` - Add admin settings page |
| 92 | +- `draw_navigation_text` - Define breadcrumb navigation |
| 93 | +- `replicate_out` - Table replication for remote pollers |
| 94 | + |
| 95 | +## Key Files Reference |
| 96 | +- [`setup.php`](../setup.php) - Hook registration, table schema, upgrade logic |
| 97 | +- [`audit.php`](../audit.php) - UI controller with export/purge/getdata actions |
| 98 | +- [`audit_functions.php`](../audit_functions.php) - `audit_config_insert()` (main logger), `audit_process_page_data()` (extract object details) |
| 99 | +- [`locales/build_gettext.sh`](../locales/build_gettext.sh) - Translation builder |
| 100 | +- [`.github/workflows/plugin-ci-workflow.yml`](../.github/workflows/plugin-ci-workflow.yml) - Integration tests |
0 commit comments