Post in Audit Trails

2008 Oct 30 02:03 UTC

I have committed, and have running, the start of the Audit Trails
system. The two screenshots below show a prototype view of the
audit-trail log. On Monday I will make the new system live on
GroupServer.Org (and the rest of OnlineGroups.Net).

The audit trails system records what the users do when using
GroupServer. The first screen shot below shows a log for a user (me) on
my test system. As I edited my profile and changed my password
GroupServer recorded the events in a log. Viewing the log allows me to
see the changes that have been made to my profile. (Because it is a
test, some of the entries are out of order.)  A successor to this page
will be the fix for Ticket 257
  https://svn.iopen.net/projects/groupserver/ticket/257

Once we record the changes made to the profiles we will be able to relax
the rules about who can edit profiles
  https://svn.iopen.net/projects/groupserver/ticket/258
The second screenshot below shows what happens when a user (me) alters
the profile of another user (Mr Lem). In addition to stating what the
changes were, the system also states who made the change. This can be
used to identify nefarious activity, and (hopefully) allows the change
to be undone.

In the future we can show logs for groups, so the changes made to a
group over time can be seen.

The database for the audit-trails system records all the fields that
Richard suggested in his earlier post [beneath the disclosure]
  http://groupserver.org/r/post/oLCBka5103TWEYZ8WrGCr
A little voodoo is used to marshal the data from the database back into
classes that can render each line item. These classes are needed because
they know the specific meaning of some of the generic data that is
stored in the database (specifically the "code", "instance datum" and
"supplementary datum" fields).

Most of the future work will be in writing the little classes that
render each event type. Most of the points where we want to audit events
are already marked by calls to the existing Python logger.