package auditlog

import "tailscale.com/ipn/auditlog"

Package auditlog provides a mechanism for logging audit events.

Variables

var ErrAuditLogStorageFailure = errors.New("audit log storage failure")

ErrAuditLogStorageFailure is returned when the logger fails to persist logs to the store.

Functions

func DefaultStoreFilePath

func DefaultStoreFilePath() (string, error)

DefaultStoreFilePath returns the default audit log store file path for the current platform, or an error if the platform does not have one.

func IsRetryableError

func IsRetryableError(err error) bool

IsRetryableError returns true if the given error is retryable. See [controlclient.apiResponseError]. Potentially retryable errors implement the Retryable() method.

func SetStoreFilePath

func SetStoreFilePath(path string)

SetStoreFilePath sets the audit log store file path. It is optional on platforms with a default store path, but required on platforms without one (e.g., macOS). It panics if called more than once or after the store has been created.

Types

type LogStore

type LogStore interface {
	// contains filtered or unexported methods
}

LogStore provides a means for a Logger to persist logs to disk or memory.

func NewLogStore

func NewLogStore(store ipn.StateStore) LogStore

NewLogStore creates a new LogStateStore with the given ipn.StateStore.

type Logger

type Logger struct {
	// contains filtered or unexported fields
}

Logger provides a queue-based mechanism for submitting audit logs to the control plane, or to another suitable consumer. Logs are stored to disk and retried until they are successfully sent, or until they permanently fail.

Each individual profile/controlclient tuple should construct and manage a unique Logger instance.

func NewLogger

func NewLogger(opts Opts) *Logger

NewLogger creates a new Logger with the given options.

func (*Logger) Enqueue

func (al *Logger) Enqueue(action tailcfg.ClientAuditAction, details string) error

Enqueue queues an audit log to be sent to the control plane (or another suitable consumer/transport). This will return an error if the underlying store fails to save the log or we fail to generate a unique eventID for the log.

func (*Logger) FlushAndStop

func (al *Logger) FlushAndStop(ctx context.Context)

FlushAndStop synchronously flushes all pending logs and stops the audit logger. This will block until a final flush operation completes or context is done. If the logger is already stopped, this will return immediately. All unsent logs will be persisted to the store.

func (*Logger) SetProfileID

func (al *Logger) SetProfileID(profileID ipn.ProfileID) error

SetProfileID sets the profileID for the logger. This must be called before any logs can be enqueued. The profileID of a logger cannot be changed once set.

func (*Logger) Start

func (al *Logger) Start(t Transport) error

Start starts the audit logger with the given transport. It returns an error if the logger is already started.

type Opts

type Opts struct {
	// RetryLimit is the maximum number of attempts the logger will make to send a log before giving up.
	RetryLimit int
	// Store is the persistent store used to save logs to disk. Must be non-nil.
	Store LogStore
	// Logf is the logger used to log messages from the audit logger. Must be non-nil.
	Logf logger.Logf
}

Opts contains the configuration options for a Logger.

type Transport

type Transport interface {
	// SendAuditLog sends an audit log to a consumer of audit logs.
	// Errors should be checked with [IsRetryableError] for retryability.
	SendAuditLog(context.Context, tailcfg.AuditLogRequest) error
}

Transport provides a means for a client to send audit logs to a consumer (typically the control plane).
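
How a Transport's error classification drives the bounded retry behaviour described for Logger and Opts.RetryLimit, as an added example that is not taken from the tailscale.com source. The names sendError, isRetryable, sendFunc and deliver are hypothetical stand-ins built on the standard library only, and the Retryable() bool signature is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// sendError is a hypothetical transport error; the Retryable() bool signature is assumed.
type sendError struct {
	status    int
	retryable bool
}

func (e *sendError) Error() string   { return fmt.Sprintf("send failed: status %d", e.status) }
func (e *sendError) Retryable() bool { return e.retryable }

// isRetryable is a local stand-in for auditlog.IsRetryableError. errors.As walks
// the wrap chain, so the classification survives fmt.Errorf("...: %w", err).
func isRetryable(err error) bool {
	var r interface{ Retryable() bool }
	return errors.As(err, &r) && r.Retryable()
}

// sendFunc stands in for Transport.SendAuditLog, with the request reduced to a string.
type sendFunc func(ctx context.Context, details string) error

// deliver makes at most retryLimit attempts. It stops early on success, on a
// non-retryable error, or when ctx is done, and returns attempts made and the last error.
func deliver(ctx context.Context, send sendFunc, details string, retryLimit int) (n int, err error) {
	err = errors.New("no attempt made: retryLimit must be positive")
	for n < retryLimit {
		n++
		if err = send(ctx, details); err == nil || !isRetryable(err) || ctx.Err() != nil {
			break
		}
	}
	return n, err
}

func main() {
	calls := 0
	flaky := func(context.Context, string) error { // constructed: fails twice, then succeeds
		if calls++; calls < 3 {
			return fmt.Errorf("control plane: %w", &sendError{status: 503, retryable: true})
		}
		return nil
	}
	fmt.Println(deliver(context.Background(), flaky, "constructed event", 5))
}
```

A transport that reports a permanent failure as retryable spends the whole retry budget on a log that can never be delivered, while one that reports a transient failure as non-retryable loses the audit event on the first error.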

Source Files

auditlog.go extension.go store.go

Version: v1.84.1 (latest)
Published: May 29, 2025
Platform: linux/amd64
Imports: 22 packages