返回 Skill 列表
extension
分类: 开发与工程无需 API Key

security-audit-logging

实施全面的安全审计日志记录,以符合合规性、取证和SIEM集成的需求。在构建审计跟踪、合规性日志记录或安全监控系统时使用。

person作者: jakexiaohubgithub

Security Audit Logging

Table of Contents

Overview

Implement comprehensive audit logging for security events, user actions, and system changes with structured logging, retention policies, and SIEM integration.

When to Use

  • Compliance requirements (SOC 2, HIPAA, PCI-DSS)
  • Security monitoring
  • Forensic investigations
  • User activity tracking
  • System change auditing
  • Breach detection

Quick Start

Minimal working example:

// audit-logger.js
const winston = require("winston");
const { ElasticsearchTransport } = require("winston-elasticsearch");

class AuditLogger {
  constructor() {
    this.logger = winston.createLogger({
      level: "info",
      format: winston.format.combine(
        winston.format.timestamp(),
        winston.format.json(),
      ),
      transports: [
        // File transport
        new winston.transports.File({
          filename: "logs/audit.log",
          maxsize: 10485760, // 10MB
          maxFiles: 30,
          tailable: true,
        }),

        // Elasticsearch transport for SIEM
        new ElasticsearchTransport({
          level: "info",
          clientOpts: {
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

| Guide | Contents | |---|---| | Node.js Audit Logger | Node.js Audit Logger | | Python Audit Logging System | Python Audit Logging System | | Java Audit Logging | Java Audit Logging |

Best Practices

✅ DO

  • Log all security events
  • Use structured logging
  • Include timestamps (UTC)
  • Log user context
  • Implement log retention
  • Encrypt sensitive logs
  • Monitor log integrity
  • Send to SIEM
  • Include request IDs

❌ DON'T

  • Log passwords/secrets
  • Log sensitive PII unnecessarily
  • Skip failed attempts
  • Allow log tampering
  • Store logs insecurely
  • Ignore log analysis