Separate audit logs from server logs.

This change will help users to separate logs for each apps based on conditional logging. Signed-off-by: Sujith H <[email protected]>
owncloud · Mar 23, 2017 · f7d08e5 · f7d08e5
1 parent 8b9f6dc
commit f7d08e5
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 24 deletions.
diff --git a/config/config.sample.php b/config/config.sample.php
@@ -602,13 +602,25 @@
  *                this condition is met
  *  - ``apps``:   if the log message is invoked by one of the specified apps,
  *                this condition is met
+ *  - ``logfile``: the log message invoked by the specified apps get redirected to
+ *		   this logfile, this condition is met
+ *		   Note: Not applicapable when using syslog.
  *
  * Defaults to an empty array.
  */
 'log.condition' => [
-	'shared_secret' => '57b58edb6637fe3059b3595cf9c41b9',
-	'users' => ['sample-user'],
-	'apps' => ['files'],
+        [
+		'shared_secret' => '57b58edb6637fe3059b3595cf9c41b9',
+                'users' => ['user1'],
+                'apps' => ['files_texteditor'],
+                'logfile' => '/tmp/test.log'
+        ],
+        [
+		'shared_secret' => '57b58edb6637fe3059b3595cf9c41b9',
+                'users' => ['user1'],
+                'apps' => ['gallery'],
+                'logfile' => '/tmp/gallery.log'
+        ],
 ],
 
 /**

diff --git a/lib/private/Log.php b/lib/private/Log.php
@@ -231,6 +231,7 @@ public function debug($message, array $context = []) {
 	public function log($level, $message, array $context = []) {
 		$minLevel = min($this->config->getValue('loglevel', Util::WARN), Util::FATAL);
 		$logCondition = $this->config->getValue('log.condition', []);
+		$logConditionFile = null;
 
 		array_walk($context, [$this->normalizer, 'format']);
 
@@ -241,10 +242,17 @@ public function log($level, $message, array $context = []) {
 			 * check log condition based on the context of each log message
 			 * once this is met -> change the required log level to debug
 			 */
-			if(!empty($logCondition)
-				&& isset($logCondition['apps'])
-				&& in_array($app, $logCondition['apps'], true)) {
-				$minLevel = Util::DEBUG;
+			if(!empty($logCondition)) {
+				foreach ($logCondition as $multipleConditions) {
+					if(isset($multipleConditions['apps'])
+					   && in_array($app, $multipleConditions['apps'], true)) {
+						$minLevel = Util::DEBUG;
+						if (!empty($multipleConditions['logfile'])) {
+							$logConditionFile = $multipleConditions['logfile'];
+							break;
+						}
+					}
+				}
 			}
 
 		} else {
@@ -268,23 +276,28 @@ public function log($level, $message, array $context = []) {
 			$this->logConditionSatisfied = false;
 			if(!empty($logCondition)) {
 
-				// check for secret token in the request
-				if(isset($logCondition['shared_secret'])) {
-					$request = \OC::$server->getRequest();
+				foreach ($logCondition as $multipleConditions) {
 
-					// if token is found in the request change set the log condition to satisfied
-					if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret'))) {
-						$this->logConditionSatisfied = true;
+					// check for secret token in the request
+					if (isset($multipleConditions['shared_secret'])) {
+						$request = \OC::$server->getRequest();
+
+						// if token is found in the request change set the log condition to satisfied
+						if ($request && hash_equals($multipleConditions['shared_secret'], $request->getParam('log_secret'))) {
+							$this->logConditionSatisfied = true;
+							break;
+						}
 					}
-				}
 
-				// check for user
-				if(isset($logCondition['users'])) {
-					$user = \OC::$server->getUserSession()->getUser();
+					// check for user
+					if (isset($multipleConditions['users'])) {
+						$user = \OC::$server->getUserSession()->getUser();
 
-					// if the user matches set the log condition to satisfied
-					if($user !== null && in_array($user->getUID(), $logCondition['users'], true)) {
-						$this->logConditionSatisfied = true;
+						// if the user matches set the log condition to satisfied
+						if ($user !== null && in_array($user->getUID(), $multipleConditions['users'], true)) {
+							$this->logConditionSatisfied = true;
+							break;
+						}
 					}
 				}
 			}
@@ -297,7 +310,7 @@ public function log($level, $message, array $context = []) {
 
 		if ($level >= $minLevel) {
 			$logger = $this->logger;
-			call_user_func([$logger, 'write'], $app, $message, $level);
+			call_user_func([$logger, 'write'], $app, $message, $level, $logConditionFile);
 		}
 	}
 

diff --git a/lib/private/Log/Owncloud.php b/lib/private/Log/Owncloud.php
@@ -67,8 +67,9 @@ public static function init() {
 	 * @param string $app
 	 * @param string $message
 	 * @param int $level
+	 * @param string conditionalLogFile
 	 */
-	public static function write($app, $message, $level) {
+	public static function write($app, $message, $level, $conditionalLogFile = null) {
 		$config = \OC::$server->getSystemConfig();
 
 		// default to ISO8601
@@ -110,8 +111,13 @@ public static function write($app, $message, $level) {
 			'user'
 		);
 		$entry = json_encode($entry);
-		$handle = @fopen(self::$logFile, 'a');
-		@chmod(self::$logFile, 0640);
+		if (!is_null($conditionalLogFile)) {
+			$handle = @fopen($conditionalLogFile, 'a');
+			@chmod($conditionalLogFile, 0640);
+		} else {
+			$handle = @fopen(self::$logFile, 'a');
+			@chmod(self::$logFile, 0640);
+		}
 		if ($handle) {
 			fwrite($handle, $entry."\n");
 			fclose($handle);