Skip to main content

Secure Audit Log

Meet your compliance requirements by recording activity to a tamperproof audit log. Scales to even the most demanding retention and recall requirements.

Tutorials

Integrate with Next.js

About

A secure audit log is a critical component of any system that requires accountability and transparency by providing an accurate and secure record of all system events.

This document provides a self-sufficient code example for making a request to the Secure Audit Log APIs that you can try in one of the supported environments.

Quickstart

The following steps are an overview of how to configure Secure Audit Log for your app. For a complete set of step-by-step instructions, refer to Enable and Configure Secure Audit Log service documentation.

  1. Navigate to the Pangea User Console .
  2. Sign up to Pangea. As part of the signup process, an Organization and a project will be created.
  3. Under the COMPLIANCE section, select Secure Audit Log. When the service has not been enabled, this will open a multi-stage configuration dialog.
  4. For this walk-through, accept the defaults and enable the service.

Add logging in your app

The steps below will walk you through the basics of integrating audit logging code in a Python app ending with a completed sample that shows how Secure Audit Log works. For a more in-depth explanation of the sample app, you can visit our Python SDK.

Set your environment variables

Before starting to code, it is necessary to add the token and domain variables to your environment.

  1. Open up a bash terminal window.
  2. Type the following commands, replacing yourServiceDomain and yourAccessToken with your Domain and Default Token copied from the Secure Audit Log page in the Pangea User Console.
export PANGEA_DOMAIN="yourServiceDomain"
export PANGEA_AUDIT_TOKEN="yourAccessToken"

Writing the Secure Audit Log code

In order to be ready to code, you must first install the Pangea SDK. Run one of the following commands in your project root directory based on your preferred choice of either Pip or Poetry.

Install SDK via Pip:

pip3 install pangea-sdk

or

Install SDK via Poetry:

poetry add pangea-sdk
  1. Next, import the Pangea libraries into your code.
import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Audit
  1. Add the token and the domain from your environment variables so you can authenticate with Pangea. You can read more about how Pangea uses tokens on our Tokens page.
token = os.getenv("PANGEA_AUDIT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
audit = Audit(token, config=config, logger_name="audit")
logger_set_pangea_config(logger_name=audit.logger.name)
  1. Define a data set and map the data from the exports. Placeholder values should be replaced with your own values.
print("Logging...")
try:
	log_response = audit.log(
    	message="<message text placeholder>",
    	action="<action placeholder>",
    	actor="<actor placeholder>",
    	target="<target placeholder>",
    	verbose=True,
	)
  1. Next, we need to write the logs to the console.
 print(f"Response: {log_response.result}")
  1. Finally, add error handling and print the response.
except pe.PangeaAPIException as e:
	# Catch exception in case something fails and print error
	print(f"Request Error: {e.response.summary}")
	for err in e.errors:
    	print(f"\t{err.detail} \n")

Completed code

The code sample below is a usable, copy & paste resource for this application that will work on its own. For best results, be sure to edit placeholder data in the request with your desired values, such as <message text placeholder>.

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Audit

# Read your access token from an env variable
token = os.getenv("PANGEA_AUDIT_TOKEN")

# Read your project domain from an env variable
domain = os.getenv("PANGEA_DOMAIN")

# Create a Config object contain the Audit Config
config = PangeaConfig(domain=domain)

# Initialize an Audit instance using the config object
audit = Audit(token, config=config)

print("Logging...")
try:
	# Create test data
	log_response = audit.log(
    	message="<message text placeholder>",
    	action="<action placeholder>",
    	actor="<actor placeholder>",
    	target="<target placeholder>",
    	verbose=True,
	)
	print(f"Response: {log_response.result}")
except pe.PangeaAPIException as e:
	# Catch exception in case something fails and print error
	print(f"Request Error: {e.response.summary}")
	for err in e.errors:
    	print(f"\t{err.detail} \n")

Improving your app

The purpose of this guide is to provide the minimum steps required to start coding with our Secure Audit Log, however there are some improvements that can be made on this process. One such improvement is utilizing Vault to store tokens and secrets, which provides the added benefits of additional security and reduced code maintenance.

Next steps

  • Check out our Admin Guide if you have a specific task you would like to complete
  • If you are feeling confident, you can browse our APIs or explore our Github repo, which has libraries for supported languages, SDKs, sample apps, etc.
  • For any questions, you can connect with our Pangea Discourse for Builders or continue exploring our Secure Audit Log documentation

Was this article helpful?

Contact us