Auditing with C# and .NET
P

5

9

I have a web application, and I would like to audit most of the users' actions on the application, for example login, insertion to db, update to db, fired exceptions, etc.

One of my seniors suggested using a queue for faster performance, so you just enqueue an event and it is then processed automatically without having to wait for it to be processed.

What are your suggestions? How should I process them? Enqueueing them is no problem, but I'm not sure how they will be processed then without anybody calling a method.

I am using C# with .NET 4.0

Pinckney answered 2/8, 2011 at 12:18 Comment(2)
Do you really need audit functionality or just logging? - Hals
@ckeller I need to log the things in a file, and I also need to store them in the database. I will be logging what was changed, what was inserted, when an exception was fired, etc. - Pinckney
U
14

I've been working on a library that can probably help.

Audit.NET and its extensions to audit different systems (WCF, MVC, WebApi, EF) and store logs in different data storages (SQL, MongoDB, DocumentDB, File, EventLog) will give you the flexibility to configure what you want to audit and where you want to store the audit logs.

Unwritten answered 14/9, 2016 at 0:36 Comment(11)
I love this framework but I don't quite get where it logs to. I'm using the Audit.NET and I've decorated my action with the AuditApi attribute. Where can I find the log? @theprat000 - Basifixed
You decide whether to store/send the logs, via Data Providers, take a look at the documentation here. By default, if no data provider is configured, it will log to JSON files on the file system in the execution folder. You can configure it via Audit.Core.Configuration.Setup().UseXXXX(...) - Unwritten
Worked perfectly! However, it also logs passwords in plain string. How can this be configured to mask sensitive data? - Basifixed
One option is to set up a Custom Action that executes before the event saving, so you can modify the final event to be saved. Another option is to create a custom data provider and have the mask logic there. - Unwritten
Super reduced example of an Audit Action On Event Saving: Audit.Core.Configuration.AddCustomAction(ActionType.OnEventSaving, e => { e.Event.GetWebApiAuditAction().ActionParameters["Password"] = "****"; }); - Unwritten
This worked just as I expected. Thank you very much. - Basifixed
Hi @Unwritten, I am using an ASP.NET Core project and want to log to SQL. Please let me know which projects I need to add to my project. Or can I use it directly? If yes, in the Program.cs or Startup.cs file? Or somewhere else? - Low
You could reference the packages Audit.WebApi.Core to generate the audit events for ASP.NET Core and Audit.NET.SqlServer to store the events on a SQL server. - Unwritten
Do I need to create my own configurator and providers? Or can I directly use the built-in implementations? - Low
@Unwritten I need to audit stored procedure DML changes. I tried via the Audit.NET EF Core extension, but it seems not to be possible since the Audit.NET library intercepts the SaveChanges method, and SaveChanges is not called when we execute a stored procedure using EF Core. I need to log every change in the database via CUD/stored procedure. I also need to audit ADO.NET DML statements. I am using .NET Core and SQL Server. Can you please suggest an approach using the Audit.NET library or any other library? It will be very helpful. - Kra
I have also raised a separate question for this. Please let me know if you need more details. #65626692 - Kra
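A more defensive form of the masking idea from the comments above, as an added example that is not from the thread or from the Audit.NET project. `AuditRedactor` and its key list are hypothetical, and the sample dictionary is constructed; the helper only depends on the parameters being an `IDictionary<string, object>`.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper for illustration; AuditRedactor and SensitiveKeys are not Audit.NET names.
public static class AuditRedactor
{
    private static readonly HashSet<string> SensitiveKeys = new HashSet<string>(
        new[] { "password", "newPassword", "token", "secret", "cardNumber" },
        StringComparer.OrdinalIgnoreCase);

    // Masks values in place. Only keys that are already present are touched, so no
    // "Password" entry is added to events that never carried one.
    public static void Mask(IDictionary<string, object> parameters)
    {
        if (parameters == null) return;
        foreach (var key in new List<string>(parameters.Keys))   // copy: values change while looping
        {
            if (SensitiveKeys.Contains(key)) parameters[key] = "****";
            else MaskValue(parameters[key]);
        }
    }

    // Descends into nested dictionaries and lists. Assumption: values that are typed
    // model objects (not dictionaries) are not inspected and need their own handling.
    private static void MaskValue(object value)
    {
        var dict = value as IDictionary<string, object>;
        if (dict != null) { Mask(dict); return; }
        var list = value as IEnumerable<object>;
        if (list != null) foreach (var element in list) MaskValue(element);
    }

    static void Main()
    {
        // Constructed sample standing in for the parameters of a login request.
        var parameters = new Dictionary<string, object>
        {
            { "userName", "alice" },
            { "PASSWORD", "hunter2" },
            { "profile", new Dictionary<string, object> { { "Token", "abc123" }, { "city", "Oslo" } } }
        };
        Mask(parameters);
        Console.WriteLine("{0} {1}", parameters["userName"], parameters["PASSWORD"]);
    }
}
```

Inside the OnEventSaving action quoted above, the action's ActionParameters dictionary would be passed to `Mask` instead of assigning one fixed key.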
G
8

I would simply recommend an off-the-shelf logging framework that is stable and supported. Have you considered a logging framework, like log4net?

You could write a custom appender for logging into MSMQ if you'd like.

Gustie answered 2/8, 2011 at 12:26 Comment(5)
I have not considered it because it is not an option, I basically need to build an auditing framework which will be used for this application, and all future ones - Pinckney
@Ryan don't reinvent the wheel. Mature logging frameworks like NLog or log4net can be used as a base for your task - Hals
@Gustie - Thanks, I'm looking at log4net too, at first I thought you were referring to log4j and was puzzled because that's for Java - Pinckney
@Ryan - No man, log4j is for Java, log4net is for .NET. NLog is good too. Just pick any that you feel comfortable with. My preference is log4net, but that's only because I've used it for so long. - Gustie
@Gustie - Sorry, I realized later after I was reading more about it, in fact I edited my message. Thanks for your feedback. - Pinckney
C
3

An alternative logger is called TracerX. It is written in C# and fast and flexible. Because the source code is available it means you can modify it as you wish to suit your needs. It comes with a viewer that allows for filtering the output.

https://github.com/MarkLTX/TracerX and an article on how to use it:

http://www.codeproject.com/KB/dotnet/TracerX.aspx

Cortico answered 2/8, 2011 at 12:37 Comment(0)
I
2

Two topics of interest actually:

  • Asynchronous logging
  • Aspect Oriented Features

Asynchronous logging may speed up heavy processing 100-fold. Use a writer thread that dumps the queue into the log sink every, say, 100 ms; however, that logging engine must be deterministically started and stopped so it can flush the sinks on application stop.

Aspect Oriented Programming addresses your cross-cutting concern - audit/log calls shall be invoked in desired operation prologues/epilogues - look at the PostSharp project.

Ingenerate answered 28/12, 2012 at 1:29 Comment(0)
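The writer-thread design described in this answer, as an added example that is not from the thread or from any library named on the page. `AuditQueue` and its sink delegate are hypothetical names; it uses only .NET 4.0 types, wakes on the first queued event or after 100 ms, and surfaces a sink failure to callers instead of silently losing audit events.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Threading;

// Hypothetical type for illustration; not part of any library named on this page.
public sealed class AuditQueue : IDisposable
{
    private readonly BlockingCollection<string> _queue = new BlockingCollection<string>(10000);
    private readonly Action<IList<string>> _sink;      // writes one batch to a file or database
    private readonly Thread _writer;
    private volatile Exception _failure;               // first sink error, surfaced to callers
    public AuditQueue(Action<IList<string>> sink)
    {
        _sink = sink;
        _writer = new Thread(Drain) { Name = "audit-writer" };
        _writer.Start();                               // deterministic start
    }
    public void Enqueue(string auditEvent)
    {
        if (_failure != null) throw new InvalidOperationException("Audit sink failed", _failure);
        _queue.Add(auditEvent);                        // blocks when full rather than dropping events
    }
    private void Drain()
    {
        var batch = new List<string>();
        string item;
        try
        {
            while (!_queue.IsCompleted)
            {
                if (_queue.TryTake(out item, 100)) batch.Add(item);    // wait up to 100 ms
                while (batch.Count < 500 && _queue.TryTake(out item)) batch.Add(item);
                if (batch.Count > 0) { _sink(batch); batch.Clear(); }
            }
        }
        catch (Exception ex) { _failure = ex; _queue.CompleteAdding(); } // unblock producers
    }
    public void Dispose()
    {
        _queue.CompleteAdding();                       // refuse new events, let the writer drain
        _writer.Join();                                // deterministic stop after the final flush
        if (_failure != null) throw new InvalidOperationException("Audit sink failed", _failure);
    }
    static void Main()
    {
        using (var audit = new AuditQueue(b => Console.WriteLine(string.Join("\n", b))))
            audit.Enqueue("2011-08-02T12:18:00Z user=alice action=login result=ok"); // constructed
    }
}
```

The writer is a foreground thread, so the process stays alive until `Dispose` has run and the last batch has reached the sink; in a web application that call belongs in the application shutdown handler.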
L
2

(Little late on the answer, this post shows up high in google, so I thought it may be worth looking at some of the options)

If you are looking to actually audit. (By this I mean to record that an action took place, who did it and when, and for that auditable log to be able to be used as evidence to an external auditor)

(Debug Logging vs Auditing logging)

If so, you can consider some options, such as:

  1. use an Audit logging library
  2. adopt an EventStore database
  3. use a logging library that fails loudly

1. Using an audit library

  • Audit.NET has already been mentioned here and has an impressive number of downloads and is very feature-rich
  • auditable - an alternative to the above (disclaimer, it's written by me)

Both are pretty cool, as they allow you to bring your own datastore.

2. Event sourcing

The design here (which can impact your architecture to embrace Events) is that Events are immutable, and if you store them then you have an auditable store of things that happened in your system.

Note this does not look to solve the question above, but it does solve how to audit, so I have mentioned it.

3. Logging library

You have to confirm that the logging library, if it fails to add an audit log, will throw an exception.

If it does not do that, then you will be missing auditable logs, and then you cannot build trust with your auditors.

Side note 1 - with options 1 and 3, you may need to ensure that the log is written in the same transaction as your primary data store, to ensure that all of the information is ACID. (This is similar to the issue people have with publishing an event which is outside of the database transaction.)

Side note 2 - audit logs should be able to identify who did what, so you may/should need to encrypt the datastore they eventually end up in.

Luetic answered 22/10, 2020 at 2:27 Comment(0)
