auditlog

package
v1.82.5
Published: Apr 17, 2025 License: BSD-3-Clause Imports: 12 Imported by: 0

Documentation

Overview

Package auditlog provides a mechanism for logging audit events.

Variables

var ErrAuditLogStorageFailure = errors.New("audit log storage failure")

ErrAuditLogStorageFailure is returned when the logger fails to persist logs to the store.

Functions

func IsRetryableError

func IsRetryableError(err error) bool

IsRetryableError returns true if the given error is retryable. See [controlclient.apiResponseError]. Potentially retryable errors implement the Retryable() method.

Types

type LogStore

type LogStore interface {
	// contains filtered or unexported methods
}

LogStore provides a means for a Logger to persist logs to disk or memory.

func NewLogStore

func NewLogStore(store ipn.StateStore) LogStore

NewLogStore creates a new LogStateStore with the given ipn.StateStore.

type Logger

type Logger struct {
	// contains filtered or unexported fields
}

Logger provides a queue-based mechanism for submitting audit logs to the control plane - or another suitable consumer. Logs are stored to disk and retried until they are successfully sent, or until they permanently fail.

Each individual profile/controlclient tuple should construct and manage a unique Logger instance.

func NewLogger

func NewLogger(opts Opts) *Logger

NewLogger creates a new Logger with the given options.

func (*Logger) Enqueue

func (al *Logger) Enqueue(action tailcfg.ClientAuditAction, details string) error

Enqueue queues an audit log to be sent to the control plane (or another suitable consumer/transport). This will return an error if the underlying store fails to save the log or we fail to generate a unique eventID for the log.

func (*Logger) FlushAndStop

func (al *Logger) FlushAndStop(ctx context.Context)

FlushAndStop synchronously flushes all pending logs and stops the audit logger. This will block until a final flush operation completes or context is done. If the logger is already stopped, this will return immediately. All unsent logs will be persisted to the store.

func (*Logger) SetProfileID

func (al *Logger) SetProfileID(profileID ipn.ProfileID) error

SetProfileID sets the profileID for the logger. This must be called before any logs can be enqueued. The profileID of a logger cannot be changed once set.

func (*Logger) Start

func (al *Logger) Start(t Transport) error

Start starts the audit logger with the given transport. It returns an error if the logger is already started.

type Opts

type Opts struct {
	// RetryLimit is the maximum number of attempts the logger will make to send a log before giving up.
	RetryLimit int
	// Store is the persistent store used to save logs to disk. Must be non-nil.
	Store LogStore
	// Logf is the logger used to log messages from the audit logger. Must be non-nil.
	Logf logger.Logf
}

Opts contains the configuration options for a Logger.

type Transport

type Transport interface {
	// SendAuditLog sends an audit log to a consumer of audit logs.
	// Errors should be checked with [IsRetryableError] for retryability.
	SendAuditLog(context.Context, tailcfg.AuditLogRequest) error
}

Transport provides a means for a client to send audit logs to a consumer (typically the control plane).
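
The retry contract described for IsRetryableError, Opts.RetryLimit and Transport, modelled as a stand-alone added example (not code from the auditlog package). The `retryable` interface shape, `sendError`, `isRetryable`, `flush` and the event IDs are assumptions or constructed for illustration; the real Logger's queueing and persistence are not shown.

```go
package main

import (
	"errors"
	"fmt"
)

// retryable models the documented contract: potentially retryable errors
// implement Retryable(). The bool return type is an assumption.
type retryable interface{ Retryable() bool }

// sendError is a hypothetical transport error carrying a retry hint.
type sendError struct{ msg string; retry bool }

func (e *sendError) Error() string   { return e.msg }
func (e *sendError) Retryable() bool { return e.retry }

// isRetryable is a local stand-in for IsRetryableError; errors.As also
// finds the hint when the transport wrapped the error with %w.
func isRetryable(err error) bool {
	var r retryable
	return errors.As(err, &r) && r.Retryable()
}

// flush makes one send attempt per pending event ID. Delivered events are
// dropped, retryable failures below retryLimit stay queued, and the rest
// are returned as permanent failures so the loss is visible to the caller.
func flush(pending []string, attempts map[string]int, retryLimit int, send func(string) error) (kept, failed []string) {
	for _, id := range pending {
		attempts[id]++
		if err := send(id); err == nil {
			continue
		} else if isRetryable(err) && attempts[id] < retryLimit {
			kept = append(kept, id)
		} else {
			failed = append(failed, id)
		}
	}
	return kept, failed
}

func main() {
	// Constructed sample: every send fails with a wrapped, retryable error.
	down := func(id string) error { return fmt.Errorf("send %s: %w", id, &sendError{"unavailable", true}) }
	attempts := map[string]int{}
	kept, failed := flush([]string{"evt-1"}, attempts, 2, down)
	fmt.Println(kept, failed) // first attempt: still queued
	kept, failed = flush(kept, attempts, 2, down)
	fmt.Println(kept, failed) // second attempt reaches the limit: permanent failure
}
```

In this model, anything returned in `failed` is an audit record that never reaches the consumer, which is the case a deployment relying on the audit trail needs to surface.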
