Merge pull request #11695 from HJianBo/audit-logs-from

apps/emqx/include/logger.hrl

@@ -61,7 +61,7 @@
     )
 end).
 
--define(AUDIT(_Level_, _Msg_, _Meta_), begin
+-define(AUDIT(_Level_, _From_, _Meta_), begin
     case emqx_config:get([log, audit], #{enable => false}) of
         #{enable := false} ->
             ok;
@@ -71,8 +71,8 @@ end).
                     emqx_trace:log(
                         _Level_,
                         [{emqx_audit, fun(L, _) -> L end, undefined, undefined}],
-                        {report, _Msg_},
+                        _Msg = undefined,
-                        _Meta_
+                        _Meta_#{from => _From_}
                     );
                 gt ->
                     ok

apps/emqx/src/emqx_logger_jsonfmt.erl

@@ -93,6 +93,8 @@ format(Msg, Meta, Config) ->
         end,
     emqx_utils_json:encode(json_obj_root(Data, Config)).
 
+maybe_format_msg(undefined, _Meta, _Config) ->
+    #{};
 maybe_format_msg({report, Report} = Msg, #{report_cb := Cb} = Meta, Config) ->
     case is_map(Report) andalso Cb =:= ?DEFAULT_FORMATTER of
         true ->

apps/emqx_ctl/src/emqx_ctl.erl

@@ -145,7 +145,7 @@ run_command(Cmd, Args) when is_atom(Cmd) ->
 
     audit_log(
         audit_level(Result, Duration),
-        "from_cli",
+        cli,
         #{duration_ms => Duration, cmd => Cmd, args => Args, node => node()}
     ),
     Result.

apps/emqx_dashboard/src/emqx_dashboard_audit.erl

@@ -25,23 +25,19 @@ log(Meta0) ->
     Duration = erlang:convert_time_unit(ReqEnd - ReqStart, native, millisecond),
     Level = level(Method, Code, Duration),
     Username = maps:get(username, Meta0, <<"">>),
+    From = from(maps:get(auth_type, Meta0, "")),
     Meta1 = maps:without([req_start, req_end], Meta0),
     Meta2 = Meta1#{time => logger:timestamp(), duration_ms => Duration},
     Meta = emqx_utils:redact(Meta2),
     ?AUDIT(
         Level,
-        "from_api",
+        From,
-        Meta#{
+        Meta#{username => binary_to_list(Username), node => node()}
-            from => from(maps:get(auth_type, Meta0, "")),
-            username => binary_to_list(Username),
-            node => node()
-        }
     ),
     ok.
 
 from(jwt_token) -> "dashboard";
-from(api_key) -> "aip_key";
+from(_) -> "rest_api".
-from(_) -> "unauthorized".
 
 level(get, _Code, _) -> debug;
 level(_, Code, _) when Code >= 200 andalso Code < 300 -> info;

apps/emqx_machine/src/emqx_machine_boot.erl

@@ -47,7 +47,7 @@ post_boot() ->
     ok = ensure_apps_started(),
     ok = print_vsn(),
     ok = start_autocluster(),
-    ?AUDIT(alert, "from_cli", #{time => logger:timestamp(), event => "emqx_start"}),
+    ?AUDIT(alert, cli, #{time => logger:timestamp(), event => "emqx_start"}),
     ignore.
 
 -ifdef(TEST).

apps/emqx_machine/src/emqx_machine_terminator.erl

@@ -67,8 +67,9 @@ graceful() ->
 
 %% @doc Shutdown the Erlang VM and wait indefinitely.
 graceful_wait() ->
-    ?AUDIT(alert, "from_cli", #{
+    ?AUDIT(alert, cli, #{
-        time => logger:timestamp(), msg => "run_emqx_stop_to_grace_shutdown"
+        time => logger:timestamp(),
+        event => emqx_gracefully_stop
     }),
     ok = graceful(),
     exit_loop().

apps/emqx_machine/src/emqx_restricted_shell.erl

@@ -112,7 +112,7 @@ max_heap_size_warning(MF, Args) ->
 log(_, {?MODULE, prompt_func}, [[{history, _}]]) ->
     ok;
 log(IsAllow, MF, Args) ->
-    ?AUDIT(warning, "from_remote_console", #{
+    ?AUDIT(warning, erlang_console, #{
         time => logger:timestamp(),
         function => MF,
         args => pp_args(Args),