Skip to main content

Quickstart

About Secure Audit Log

A secure audit log is a critical component of any system that requires accountability and transparency by providing an accurate and secure record of all system events.

Configuring the Secure Audit Log service

These steps are an overview of how to configure Audit Log for your app. For a complete set of step-by-step instructions, refer to Configuration.

  1. Navigate to the Pangea User Console .
  2. Sign up to Pangea. As part of the sign up process, an Organization and initial token will be created.
  3. Configure the token for use with the Secure Audit Log service. For more information, go to Get Started with Secure Audit Log.
  4. Set any desired settings in the Secure Audit Log Settings page.

Add logging in your app

The steps below will walk you through the basics of integrating audit logging code in a Python app ending with a completed sample that shows how Secure Audit Log works. For a more in-depth explanation of the sample app, you can visit our Python SDK.

Set your environment variables

Before starting to code, it is necessary to add the token and domain variables to your environment.

  1. Open up a bash terminal window.
  2. Type the following commands, replacing yourServiceDoman and yourAccessToken with your Domain and Default Token copied from the Secure Audit Log page in the Pangea User Console.
export PANGEA_DOMAIN="yourServiceDomain"
export PANGEA_TOKEN="yourAccessToken"

Writing the Secure Audit Log code

In order to be ready to code, you must first install the Pangea SDK. To add the Pangea Python SDK to your project, you will need to run one of the following commands in your project root directory based on your preferred installation method.

Install SDK via pip:

pip3 install pangea-sdk

Install SDK via poetry:

poetry add pangea-sdk
  1. Next, import the Pangea libraries into your code.
import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Audit
  1. Add the token and the domain from your .env file so you can authenticate with Pangea. You can read more about how Pangea uses tokens on our Tokens page.
token = os.getenv("PANGEA_AUDIT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
audit = Audit(token, config=config, logger_name="audit")
logger_set_pangea_config(logger_name=audit.logger.name)
  1. Define a data set and map the data from the exports. Placeholder values should be replaced with your own values.
print("Logging...")
try:
	log_response = audit.log(
    	message="<message text placeholder>",
    	action="<action placeholder>",
    	actor="<actor placeholder>",
    	target="<target placeholder>",
    	verbose=True,
	)
  1. Next, we need to write the logs to the console.
 print(f"Response: {log_response.result}")
  1. Finally, add error handling and print the response.
except pe.PangeaAPIException as e:
	# Catch exception in case something fails and print error
	print(f"Request Error: {e.response.summary}")
	for err in e.errors:
    	print(f"\t{err.detail} \n")

Completed code

Below is a completed code sample for this application. This is a usable, copy & paste resource that will work on its own, simply edit placeholder data such as <message text placeholder> with your desired values.

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Audit

# Read your access token from an env variable
token = os.getenv("PANGEA_AUDIT_TOKEN")

# Read your project domain from an env variable
domain = os.getenv("PANGEA_DOMAIN")

# Create a Config object contain the Audit Config
config = PangeaConfig(domain=domain)

# Initialize an Audit instance using the config object
audit = Audit(token, config=config)

print("Logging...")
try:
	# Create test data
	log_response = audit.log(
    	message="<message text placeholder>",
    	action="<action placeholder>",
    	actor="<actor placeholder>",
    	target="<target placeholder>",
    	verbose=True,
	)
	print(f"Response: {log_response.result}")
except pe.PangeaAPIException as e:
	# Catch exception in case something fails and print error
	print(f"Request Error: {e.response.summary}")
	for err in e.errors:
    	print(f"\t{err.detail} \n")

Improving your app

The purpose of this guide is to provide the minimum steps required to start coding with our Secure Audit Log, however there are some improvements that can be made on this process. One such improvement is utilizing Vault to store tokens and secrets, which provides the added benefits of additional security and reduced code maintenance.

Next steps

Was this article helpful?

Contact us