ProvideAuditlogFormat

Status: IsProposal

Author

Christian Theune

Problem

Zope 3 needs to provide an audit log generation facility that will log security-related data for later analysis. Therefore we must agree on a format to follow. The automated analysis of this format will be handled in a proposal for a corresponding tool.

I just started a preliminary test to implement this and searched the web for a while to determine some standard formats and audit analyzing tools that would fit our situation. I found one site that has quite a comprehensive overview of the topic: Audit Trails.

None of the mentioned formats appears to be widely used, nor did Google turn up useful current tools. (I found one for the Bishop format that dates back to 1989.)

Background

See the doc/security/SecurityTarget.txt document, section FAU_GEN and "The auditing subsystem". (This document is still a work in progress.)

Options

Due to the non-availability of standardized tools and formats (correct me if I overlooked a good available one), I propose to agree on one of the following formats:

  1. I started early work writing CSV data. This has the advantage of being fairly easy to parse for automated audits, and it is usable within spreadsheets for ad-hoc manual analysis.
  2. Generating XML data for possible exchange with other systems, should one arise in the future, as it is fairly easy to generate and parse as well and more platform-independent than CSV.

Proposal

I propose to agree on CSV as the format of choice.
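The CSV option has two consumers, automated parsers and spreadsheets, and audit fields such as the principal name can carry request-supplied text. The following is an added example, not code from this proposal or from Zope: the column layout, the function names, and the choice of full quoting plus a leading single quote for formula-like values are all assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Assumed column layout; the proposal does not define the fields.
FIELDS = ["timestamp", "event", "principal", "object", "outcome"]

# Leading characters that spreadsheet applications treat as starting a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize(value):
    """Prefix a single quote so a spreadsheet displays the cell as text."""
    text = str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text
    return text


def write_record(stream, record):
    """Append one audit record as a fully quoted CSV row."""
    writer = csv.writer(stream, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow([neutralize(record[name]) for name in FIELDS])


def read_records(stream):
    """Parse the log back into dicts, as an automated audit tool would."""
    return [dict(zip(FIELDS, row)) for row in csv.reader(stream)]


def demo():
    # Constructed sample input: plain, formula-like, and newline-bearing names.
    now = datetime(2004, 1, 1, tzinfo=timezone.utc).isoformat()
    principals = ["alice", "=1+1",
                  "bob\n" + now + ",login,admin,/,success"]
    log = io.StringIO()
    for principal in principals:
        write_record(log, {"timestamp": now, "event": "login",
                           "principal": principal, "object": "/",
                           "outcome": "failure"})
    log.seek(0)
    return read_records(log)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Because every field is quoted, the embedded newline in the third name stays inside one record instead of producing a forged second row, and the formula-like name reaches the spreadsheet as literal text.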


