java 商业审计日志 - 推荐的库或方法?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3778281/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Business Audit log - recommended library or approach?
提问by krtek
do you know any good Java library for audit logging? Or at least good book/article to help choose good approach to build audit log for an application?
您知道用于审计日志的任何好的 Java 库吗?或者至少是一本好书/文章来帮助选择为应用程序构建审计日志的好方法?
Library requirements:
- define common audit metadata (userId, time, IP, ...)
- define audit message types (transaction sent, message received, ...)
- lock/sign individual audit messages (for non-repudiation)
- search audit log based on metadata
- etc.
库要求:
- 定义通用审计元数据(用户 ID、时间、IP 等)
- 定义审计消息类型(发送的事务、接收的消息等)
- 锁定/签署单个审计消息(用于不可否认性)
- 搜索基于元数据的审计日志
- 等等。
Edit:
I'm not looking for automated solution, I'm perfectly happy with calling something like:
编辑:
我不是在寻找自动化解决方案,我对调用以下内容非常满意:
AuditEvent event = new TransactionSentEvent(userId, account, amount, ...)
AuditLog.audit(auditEvent);
The point is to have the infrastructure behind it - safe storage to database, non-reputability etc.
关键是要有它背后的基础设施——安全存储到数据库、非信誉等。
采纳答案by Han Zheng
what about this https://github.com/dima767/inspektrI have almost the same requirements as you described above, and am digging into inspektr.
这个https://github.com/dima767/inspektr我有你上面描述的几乎相同的要求,我正在深入研究 inspektr。
回答by jkl
So, if you are looking for a framework, you could try logback-audit. It is by the folks who are behind the Java logging library, logback.
所以,如果你正在寻找一个框架,你可以尝试logback-audit。它是由 Java 日志库logback背后的人提供的。
回答by surajz
If you are using Java, one way is to use springframework and aop. This is the most flexible option. Here is an example
如果您使用 Java,一种方法是使用 springframework 和 aop。这是最灵活的选择。这是一个例子
You can also do it at database level using hibernate (more info)
您还可以使用 hibernate 在数据库级别执行此操作(更多信息)
回答by user456247
You can use AscpectJ library without Spring, via annotations
您可以通过注释在没有 Spring 的情况下使用 AscpectJ 库
回答by Archimedes Trajano
A good approach to business/operation level logging is to determine what exactly you need to log. You have already done that.
业务/操作级日志记录的一个好方法是确定您到底需要记录什么。你已经这样做了。
You don't really need any new framework or AOP to add. However, you have some extra requirements which prevent you from using the common logging frameworks such as Log4J or java.util.logging without creating more work.
您实际上并不需要添加任何新框架或 AOP。但是,您有一些额外的要求,这会阻止您在不创建更多工作的情况下使用常见的日志记录框架,例如 Log4J 或 java.util.logging。
The easiest approach I can think of you can do is to have a Audit class that has a JDBC connection injected or configured in it. This can be done through Spring if you are already using that framework. If you don't have a DI container then you need to define this as a singleton.
我能想到的最简单的方法是创建一个 Audit 类,其中注入或配置了 JDBC 连接。如果您已经在使用该框架,则可以通过 Spring 完成此操作。如果您没有 DI 容器,则需要将其定义为单例。
Another thing you need is a capability of signing. Java has a java.security.Signature to sign and verify data.
您需要的另一件事是签名能力。Java 有一个 java.security.Signature 来签名和验证数据。
As I said earlier you have requirements that prevent you from using the available logging frameworks. That is:
正如我之前所说,您有一些要求阻止您使用可用的日志记录框架。那是:
- search audit log based on metadata
- 基于元数据搜索审计日志
For you to facilitate searching you need to store data in a database as writing to a text file will be difficult to do. Using the logging frameworks you have to learn the API and be tied to the framework which is not part of the standard.
为了方便搜索,您需要将数据存储在数据库中,因为写入文本文件将很困难。使用日志框架,您必须学习 API 并与不属于标准的框架相关联。
