Back to skills
extension
Category: Development & EngineeringNo API key required

security-audit-logging

Implement comprehensive security audit logging for compliance, forensics, and SIEM integration. Use when building audit trails, compliance logging, or security monitoring systems.

personAuthor: jakexiaohubgithub

Security Audit Logging

Table of Contents

Overview

Implement comprehensive audit logging for security events, user actions, and system changes with structured logging, retention policies, and SIEM integration.

When to Use

  • Compliance requirements (SOC 2, HIPAA, PCI-DSS)
  • Security monitoring
  • Forensic investigations
  • User activity tracking
  • System change auditing
  • Breach detection

Quick Start

Minimal working example:

// audit-logger.js
const winston = require("winston");
const { ElasticsearchTransport } = require("winston-elasticsearch");

class AuditLogger {
  constructor() {
    this.logger = winston.createLogger({
      level: "info",
      format: winston.format.combine(
        winston.format.timestamp(),
        winston.format.json(),
      ),
      transports: [
        // File transport
        new winston.transports.File({
          filename: "logs/audit.log",
          maxsize: 10485760, // 10MB
          maxFiles: 30,
          tailable: true,
        }),

        // Elasticsearch transport for SIEM
        new ElasticsearchTransport({
          level: "info",
          clientOpts: {
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

| Guide | Contents | |---|---| | Node.js Audit Logger | Node.js Audit Logger | | Python Audit Logging System | Python Audit Logging System | | Java Audit Logging | Java Audit Logging |

Best Practices

✅ DO

  • Log all security events
  • Use structured logging
  • Include timestamps (UTC)
  • Log user context
  • Implement log retention
  • Encrypt sensitive logs
  • Monitor log integrity
  • Send to SIEM
  • Include request IDs

❌ DON'T

  • Log passwords/secrets
  • Log sensitive PII unnecessarily
  • Skip failed attempts
  • Allow log tampering
  • Store logs insecurely
  • Ignore log analysis