Feature: Add Audit logs for Administrators of the Organizations #2195
Comments
github-actions
bot
added
documentation
|
@pranshugupta54 did you check these out? #1479 #1480 #1829 |
|
@meetulr, that's actually just logging in a file. We are implementing a Audit log page for admins where they filter these logs so we should save the logs in database. Also we want to store things specific to Organization, currently the logs stored are just for creation/updation/deletion without linking Orgs and there is no way to fetch them on frontend. |
|
I would like to work on it. |
Yes, but those issues were first trying to do the same thing, but then directed to using |
|
@meetulr, actually I asked Ankit on Slack first. If you're interested, you can help us too, this will require more efforts so you both can work together on the backend part. I'll add a Slack channel for discussion over this.
|
|
I just made that comment casually😅, wasn't implying anything😂. But sure, if this issue requires collaboration, I'll be happy to contribute. |
|
Why don't we go for adding hybrid logging instead storing all bulk logs in db? I suggest to add critical logs in db for efficient querying and analysis. Less critical logs are logged to files which reduces db load and storage overhead. |
|
@varshith257, how exactly can we do that? Should we go for something like store all logs in a file and keep only upto 15 days in database 🤔 |
What less critical logs you are talking about ? |
|
User activities, status updates, debugging info etc... |
|
Actually it's more of Organization related logs like Org details update, User details update, Posts update, Events update. So nothing is critical here, it's all generic logging. Not system failure or alerts. |
|
We need to focus on other issues within Talawa right now, I am going to close this as unplanned for now. |
Is your feature request related to a problem? Please describe.
Currently, there are no audit logs capturing every activity within a particular organization. This lack of comprehensive auditing makes it challenging for administrators to track and monitor actions within their organization effectively.
Describe the solution you'd like
We propose implementing audit logs with filter features. Organization administrators should have access to audit logs specific to their organization, enabling them to monitor and review activities relevant to their operations. Additionally, a community superadmin should have access to logs spanning across all organizations within the community, providing a broader oversight capability.
Describe alternatives you've considered
One alternative solution could be manually tracking activities through ad-hoc methods, such as spreadsheets or notes. However, this approach is prone to errors, lacks automation, and can be time-consuming. Another alternative could be implementing third-party audit log solutions, but this may incur additional costs and integration complexities.
Approach to be followed (optional)
Define Audit Log Schema:
Create a schema for each log entry with the following fields:
Global Logging Function:
Create a global function that takes these parameters and saves the log entry to the database. This function will be invoked at relevant points in your application to log actions.
Integrate with API Calls:
Include the logging function in every API call that performs actions which should be logged. Pass the necessary parameters to the logging function to create a log entry for each action.
Query Functionality:
Implement a query function on the backend that retrieves audit logs based on specified parameters such as time range, performed by, action type, etc.
Frontend Integration:
Develop frontend components to interact with the query functionality and display audit logs to authorized users. This can be done through a dedicated admin dashboard or within relevant pages of the application.
Access Control:
Ensure that access to audit logs and the ability to query them is restricted to authorized users, such as administrators or superusers.
Testing and Validation:
Thoroughly test the logging and querying functionality to ensure that logs are captured accurately and can be retrieved based on various criteria.
Documentation and Training:
Document the implementation details of the audit logging system, including how to access and query logs. Provide training to administrators on how to use the logging interface effectively.
Additional context
The implementation of comprehensive audit logs with filter features will significantly enhance transparency, accountability, and security within organizations and communities. This feature will empower administrators to efficiently monitor activities, detect anomalies, and mitigate risks effectively.
Reference: PalisadoesFoundation/talawa-admin#1899
Potential internship candidates
Please read this if you are planning to apply for a Palisadoes Foundation internship here.
The text was updated successfully, but these errors were encountered: