As an admin I would like the ability to configure where audit logging is sent even after legacy audit logging is deprecated in Bitbucket version 8


      Problem Description

      • In Bitbucket 7.0 the audit logging changed.
      • When that change occurred, the following conditional was added to logback-spring.xml:
        <springProperty scope="context" name="enableLegacyAuditLog"
                        source="audit.legacy.log" defaultValue="false"/>
        <if condition='property("enableLegacyAuditLog").equals("true")'>
            <then>
                <appender name="bitbucket.auditlog" class="ch.qos.logback.core.rolling.RollingFileAppender">
                    <encoder>
                        <charset>UTF-8</charset>
                        <pattern>%m%n</pattern>
                    </encoder>
                    <file>${log.dir}/audit/atlassian-bitbucket-audit.log</file>
                    <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
                        <fileNamePattern>${log.dir}/audit/atlassian-bitbucket-audit-%d.%i.log.gz</fileNamePattern>
                        <maxFileSize>25MB</maxFileSize>
                        <maxHistory>100</maxHistory>
                    </rollingPolicy>
                </appender>
                <!-- Enable audit logging and direct it to its own separate appender if it is enabled -->
                <logger name="bitbucket.audit-log" level="DEBUG" additivity="true">
                    <appender-ref ref="bitbucket.auditlog"/>
                </logger>
            </then>
        </if>

      • This conditional checks whether legacy audit logging is enabled and, if so, reverts to writing to the log file specified in the appender definition.
      • I was able to get audit logging written to SYSLOG by adding changes inside the conditional and using the facility attribute USER, e.g.:
        <springProperty scope="context" name="enableLegacyAuditLog"
                        source="audit.legacy.log" defaultValue="false"/>
        <if condition='property("enableLegacyAuditLog").equals("true")'>
            <then>
                <appender name="bitbucket.auditlog" class="ch.qos.logback.core.rolling.RollingFileAppender">
                    <encoder>
                        <charset>UTF-8</charset>
                        <pattern>%m%n</pattern>
                    </encoder>
                    <file>${log.dir}/audit/atlassian-bitbucket-audit.log</file>
                    <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
                        <fileNamePattern>${log.dir}/audit/atlassian-bitbucket-audit-%d.%i.log.gz</fileNamePattern>
                        <maxFileSize>25MB</maxFileSize>
                        <maxHistory>100</maxHistory>
                    </rollingPolicy>
                </appender>
                <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
                    <syslogHost>172.28.128.103</syslogHost>
                    <facility>USER</facility>
                    <port>514</port>
                    <suffixPattern>[%thread] %logger %msg</suffixPattern>
                </appender>

                <!-- Enable audit logging and direct it to its own separate appender if it is enabled -->
                <logger name="bitbucket.audit-log" level="DEBUG" additivity="true">
                    <appender-ref ref="bitbucket.auditlog"/>
                    <appender-ref ref="SYSLOG"/>
                </logger>
            </then>
        </if>

      • From there, legacy audit logging needed to be enabled by adding the following to the $BITBUCKET_HOME/shared/bitbucket.properties file:
        audit.legacy.log=true
        
      • From there I can see the audit logging written to SYSLOG during startup:
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186185 | com.atlassian.prettyurls.atlassian-pretty-urls-plugin | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186192 | com.atlassian.soy.soy-template-plugin | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186200 | com.atlassian.stash.plugins.stash-remote-event-bitbucket-server-spi | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186244 | com.atlassian.troubleshooting.plugin-bitbucket | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186251 | com.atlassian.webhooks.atlassian-webhooks-plugin | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186252 | com.springsource.net.jcip.annotations-1.0.0 | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186259 | tac.bitbucket.languages.de_DE | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186269 | tac.bitbucket.languages.fr_FR | - | - | -
        Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186286 | tac.bitbucket.languages.ja_JP | - | - | -
        Apr 29 13:35:16 vagrant systemd-networkd[1591]: eth1: DHCP: No routes received from DHCP server: No data available
        
      • I can also see it when I perform an operation in the BASE audit scope, like creating or deleting a user:
        Apr 29 13:42:28 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log 172.28.128.1 | User deleted | nhansberry | 1619703748024 | test | - | - | -
        

      If this all relies on enabling legacy audit logging, this configuration will not work when legacy audit logging is deprecated in Bitbucket version 8 (see the deprecation notice at https://confluence.atlassian.com/bitbucketserver/configuration-properties-776640155.html#Configurationproperties-Audit).

      Proposed Solution

      • Implement a way to keep this functionality even after legacy audit logging is deprecated.
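The syslog lines captured in the description are pipe-delimited audit records wrapped in the SyslogAppender's `[%thread] %logger %msg` layout. As an added example (not part of the ticket, and not Bitbucket's own code), here is a receiver-side parser that turns those lines into structured events, ignores unrelated syslog traffic from the same host, and picks out the user-account events the ticket demonstrates. The names given to the first five columns follow the ticket's sample lines; the trailing three columns are left unnamed because the ticket does not document them.

```python
import re
from datetime import datetime, timezone
from typing import Optional

# Layout produced by the SyslogAppender suffixPattern "[%thread] %logger %msg"
# once the syslog daemon has prefixed its own timestamp and hostname.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"\[(?P<thread>[^\]]+)\] (?P<logger>\S+) (?P<msg>.*)$"
)

# Constructed sample input: two lines copied from the ticket's syslog capture
# plus the unrelated systemd line that arrived on the same host.
SAMPLE_LINES = [
    "Apr 29 13:33:44 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log - | Plugin enabled | System | 1619703186185 | com.atlassian.prettyurls.atlassian-pretty-urls-plugin | - | - | -",
    "Apr 29 13:35:16 vagrant systemd-networkd[1591]: eth1: DHCP: No routes received from DHCP server: No data available",
    "Apr 29 13:42:28 vagrant [audit-broker-consumer-thread-707705260] bitbucket.audit-log 172.28.128.1 | User deleted | nhansberry | 1619703748024 | test | - | - | -",
]


def parse_audit_line(line: str) -> Optional[dict]:
    """Return the audit event carried by one syslog line, or None when the line
    is not a bitbucket.audit-log record (other daemons share the same host)."""
    m = SYSLOG_RE.match(line)
    if not m or m.group("logger") != "bitbucket.audit-log":
        return None
    fields = [f.strip() for f in m.group("msg").split("|")]
    if len(fields) < 5:
        return None
    ip, action, user, epoch_ms, target = fields[:5]
    if not epoch_ms.isdigit():
        return None
    ms = int(epoch_ms)  # Bitbucket writes the event time as epoch milliseconds
    when = datetime.fromtimestamp(ms // 1000, tz=timezone.utc).replace(
        microsecond=(ms % 1000) * 1000)
    return {
        "thread": m.group("thread"),
        "source_ip": None if ip == "-" else ip,  # "-" for system-originated events
        "action": action,
        "user": user,
        "time": when,
        "target": target,
        "extra": fields[5:],  # trailing columns the ticket does not name
    }


def account_events(lines):
    """Keep only user-account events (the BASE-scope actions the ticket shows),
    the kind a SIEM rule would typically raise an alert on."""
    events = (parse_audit_line(line) for line in lines)
    return [e for e in events if e and e["action"].startswith("User ")]
```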

            Assignee: Unassigned
            Reporter: Nate Hansberry (Inactive)
            Votes: 5
            Watchers: 9
