bedezign / yii2-audit Goto Github PK
View Code? Open in Web Editor NEWYii2 Audit records and displays web/cli requests, database changes, php/js errors and associated data.
Home Page: https://bedezign.github.io/yii2-audit/
License: Other
Yii2 Audit records and displays web/cli requests, database changes, php/js errors and associated data.
Home Page: https://bedezign.github.io/yii2-audit/
License: Other
We have added a ton of great features thanks to extending yii2-debug, we should list them in the README.
Should also update the screenshots as the module looks a bit different now. NOTE when adding images don't add them to the repo. Instead, add them to an issue, and then just copy the link of the image. That way they are stored on S3 and don't blow out the repo size with binary image data.
Sorry to bother you but I do not understand if I'm missing something.
The module is installed and it works, I see the data in the db.
First problem
I didn't understand how to call the RequestController via browser.
Do I need to move it to my controller directory or it is possible to call it like directly?
Second problem
Looking to the controller code and related views I saw that overview view is missing
Use case:
I want to not insert audit_entry rows, unless there is errors or trails. In the case of errors or trails they should be given an audit_id for grouping and logging purposes. This means the audit_trail.user_id field is no longer required.
The problem:
Some people want to use audit_trail stand-alone, without writing tons of data to the audit_entry and audit_data tables.
The solution:
The audit_entry table should be ultra light - no large data at all. #46 should take care of this. Once it's closed we can force an audit_entry to be created when trails or errors happen, eg:
In AuditingBehavior.php
change this:
$entry = Auditing::current() ? Auditing::current()->getEntry() : null;
to this:
$entry = Yii::$app->auditing->getEntry(true);
need to implement an interface and/or base class for the Provider classes
the yii1 module used to track the redirect url, do you know how to do that in yii2 ?
Hi Guys,
in bedezign\yii2-audit\Auditing.php line (126) you checking variable
$this->maxAuditAge !== null
but it should be
$this->maxAge !== null
unless i am wrong.
composer require "bedezign/yii2-audit" "dev-master"
Problem 1
- Installation request for bedezign/yii2-audit dev-master -> satisfiable by bedezign/yii2-audit[dev-master].
- bedezign/yii2-audit dev-master requires yiisoft/yii2 dev-master -> no matching package found.
Minimum yii2 requirement should * or a specific version instead of dev-master unstable version
The README file is getting to large, we should split it in /docs/*.md
for the specialised functionality and only keep the features/installation in the main doc.
I think the module should have it's own layout, and should only use the applications layout if it's provided as a configuration option to the module.
I really like how the yii2-debug module is laid out. Should we aim for something like that?
This issues will be used to add screenshots for the documentation.
in yii1 i used to also store the audit_trail_count in the audit_entry table... then i can delete all records with audit_trail_count=0 after a short period, but retain the data with trails for longer
if (!$relation instanceof ActiveQueryInterface) {
if ($throwException) {
throw new InvalidParamException(get_class($this) . ' has no relation named "' . $name . '".');
} else {
return null;
}
}
we currently publish the whole web/assets folder, which contains some php classes... we should be publishing a folder with only the assets in it, not the classes.
test suite to ensure everything is working, and keeps working
track $request->getIsAjax()
to the audit_entry table
If you select a query type from the dropdown for example it wil result in a 404
data
is obsoletememory
is useless, all we care about is max_memory
start_time
and end_time
are only needed to calculate duration
, don't need to store themConfig option to allow the choice of which data to store. Should also include a way for developers to add their own data.
yii2-debug does this using panels:
http://www.yiiframework.com/doc-2.0/guide-tool-debugger.html
https://github.com/yiisoft/yii2-debug/tree/master/panels
There's an error when trying the following route:
http://localhost/path/to/index.php?r=auditing
The error is:
Call to a member function checkAccess() on null
Maybe it is because I'm using the UserManagment module:
remove field and all references to it
notes: its a feature that was not working, and has since been replaced by a new property redirect
.
With all the huge data changes and compatibility breaks we did, we might want to consider starting over with a nice clean set of migration scripts. Per @cornernote's suggestion we should definitely keep the old scripts in a subdirectory and update them to end up with the database format that we use in (i assume) 0.2
The last "old" migration script should probably batch insert the names of the new set into the migrations table, so that users can seamlessly continue with the rest
We also need to be able to limit access based on IP
when trying to access ?r=auditing/default/trail
I'm using yii2-user. Can it be the problem? Thanks!
When I entered the URL to ../auditing to see the viewer ,
Got this error
..\yiisoft\yii2\i18n\I18N.php
Please help
Should we do tracking for cURL calls? How? (eg an Audit::curl()
-function that you can pass a curl handle and that will activate verbose and fetching of headers and result?
all panels should define a namespace that is used to prefix any stored data. The internal panels will use audit/panel-id
. This allows people to add external panels for custom data.
Before visiting this awesome project I was starting my own Yii2 port. I have a behavior that does audit with batch insert. It means no need to create a model for each insert, and does all the inserts in 1 SQL command.
https://github.com/cornernote/yii2-audit/blob/master/src/behaviors/AuditFieldBehavior.php#L154
Could you incorporate that into your AuditingBehavior ?
In the 2 partials I created:
https://github.com/bedezign/yii2-audit/blob/master/views/_audit_entry_id.php
https://github.com/bedezign/yii2-audit/blob/master/views/_audit_trails.php
I would like to be able to render a link to the audit view page, but only if the user has access. Do you know how I can check this?
[24/06/2015 11:54:29 PM] antonio ramirez cobos: @brett how is the audit logs saved?
[24/06/2015 11:54:56 PM] antonio ramirez cobos: during request lifecycle?
[24/06/2015 11:55:18 PM] Brett O'Donnell: the trail (db changes) are saved using batchInsert on aftersave
[24/06/2015 11:55:40 PM] antonio ramirez cobos: so is saved synchronously during app execution right?
[24/06/2015 11:55:57 PM] Brett O'Donnell: the initial request data is saved when app starts, or when an audit_entry_id is needed (by trail or error)
[24/06/2015 11:56:14 PM] Brett O'Donnell: and the final data (aka motherload) is saved at the end of the request
[24/06/2015 11:56:27 PM] antonio ramirez cobos: then this extension is only good for small apps with not many requests. I highly recommend you to implement async (workers) for audit log data recording
[24/06/2015 11:56:32 PM] Brett O'Donnell: at the same time the yii2-debug module saves its data
[24/06/2015 11:56:48 PM] antonio ramirez cobos: also... check Event Bus systems to do that...
[24/06/2015 11:57:19 PM] antonio ramirez cobos: i do not say the extension is bad... i am saying the extension is not fit for big apps with many requests
[24/06/2015 11:57:33 PM] Brett O'Donnell: can you define many ?
[24/06/2015 11:57:57 PM] antonio ramirez cobos: 10,000 requests per second?
[24/06/2015 11:58:09 PM] Brett O'Donnell: yeah, thats many
[24/06/2015 11:58:38 PM] antonio ramirez cobos: we worked with audit trail and we worked with that in an application that serves that amount of request. is useless.
[24/06/2015 11:58:45 PM] antonio ramirez cobos: but
[24/06/2015 11:58:57 PM] antonio ramirez cobos: adding the async behavior to it... thats a different story
[24/06/2015 11:59:12 PM] Brett O'Donnell: how do you do that ?
[24/06/2015 11:59:28 PM] Brett O'Donnell: like call gearman or similar to do the writes ?
[24/06/2015 11:59:35 PM] antonio ramirez cobos: ZeroMQ, Rabbit, or workers
[12:01:35 AM] antonio ramirez cobos: have a look at this: https://github.com/beberlei/litecqrs-php
implements Event Bus system based on DDD + CQRS. I believe that can be also done with it. CQRS actually works with Versioning, that is, an Entity can be saved in the database with version history in it. That way, if anything happens, you do not only can see what happens but also rollback on history on every action performed.
[12:02:02 AM] antonio ramirez cobos: is just to check and see how other systems work...
[12:02:51 AM] antonio ramirez cobos: or https://github.com/qandidate-labs/broadway
[12:04:23 AM] antonio ramirez cobos: the reason is that I believe that Audit Trail may work as a set of events that fired along the request lifecycle and providing the async functionality, which releases the app from audit logging storage process, would make your extensions a rock solid one.
[12:05:14 AM] antonio ramirez cobos: it can still work like it is right now... but big requests apps won't be able to use it and if they do, they will have to change it in the future.
[4:52:22 AM] antonio ramirez cobos: you define a server queue listener and send the jobs there right?
[4:53:55 AM] antonio ramirez cobos: looks fine
[4:53:59 AM] antonio ramirez cobos: https://github.com/chrisboulton/php-resque/blob/master/lib/Resque/Worker.php
[4:54:06 AM] antonio ramirez cobos: never tried though
[4:54:20 AM] Tobias Munk: yes
[4:54:34 AM] Tobias Munk: you can simply wrap a command in a job
[4:54:53 AM] Tobias Munk: and also start a worker by wrapping this into a command
[4:55:12 AM] Tobias Munk: with the former you can define, i.e. run the database import for articles
[4:55:20 AM] Tobias Munk: second one does the job
[4:55:36 AM] Tobias Munk: multiple workers, multiple queues
[4:56:03 AM] Tobias Munk: but very simple implementation, 11 records as "data-structure" after installation
[4:57:45 AM] antonio ramirez cobos: well... a good audit trail should use some kind of async process. you should have a look on that @brett
Should we add support for tracking SOAP calls, and if so, how would we handle custom SoapClient wrappers?
each panel can display its own summary (eg a count) that is displayed on the tab in the entry view page
error view should show full stack trace using a pretty layout, similar to the yii error page
At the moment cleanup is (optionally) run on 1/100 page requests.
This could be moved out of the request lifecycle and moved into a command so that it can be run via cron in the background.
need to purge trails when cleaning up other audit data
Add some documentation that explains how to create a new panel.
Also, there is some docs on storing extra data, which I think is not very useful now because they cannot display it without a custom panel. Perhaps there should be a panel for extra-data so that its easy to whack data in without needing to create a panel.
Create a CLI command that takes care of the cleanup of the data. Have it support using a config file to allow specifying different TTL
values per panel/data type
Sometimes its needed to use very long urls and the fields for storing them are not long enough. Very strict configured database will refuse to insert records while the non-strict ones just truncate the data. This should be handled by the module itself before attempting to insert.
For the regular URL there is no data loss given that the request is logged separately, but what about referrer
and redirect
?
i made a view, but its quite lite... need to spend some time getting a really nice looking error view page, something like the error that displays on the page when YII_DEBUG=true
the yii1 module had a command to email any errors to the developer.
This was very useful and both developers and clients loved it.
Consider the following:
@cloudswitch @MGHollander: I'm opening this issue to group any communication regarding the dedicated trail functionality requested in issue #8
I've just done a commit on master
that already adds the user_id
to the table and fills it. The grid still needs to be done. For that reason I have not added a new release yet.
I think we need 2 more properties in the Audit module class:
Audit->userModel = 'app\models\User';
Audit->usernameAttribute = 'username';
add a log route to track log/trace information from the yii2 log
TO DISCUSS
Ok, this is the last breaking change I want to get in for 0.2.
In addition change class to Module.php
Let me know your thoughts. Maybe it's not worth it to do this.
i assume it's not even storing them, but not sure
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.