AshAuthentication.AuditLogResource (ash_authentication v4.12.0)


This is an Ash resource extension which generates the default audit log resource.

The audit log resource is used to store user interactions with the authentication system in order to derive extra security behaviour from this information.

Storage

The information stored in this resource is essentially time-series, and should be stored in a resilient data-layer such as postgres.

Usage

There is no need to define any attributes or actions (though you can if you want). The extension will wire up everything that's needed for the audit log to function.

defmodule MyApp.Accounts.AuditLog do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication.AuditLogResource],
    domain: MyApp.Accounts


  postgres do
    table "account_audit_log"
    repo MyApp.Repo
  end
end

Whilst it is possible to have multiple audit log resources, there is no need to do so.

Batched writes

In order to reduce the write load on the database, writes to the audit log (via the AuditLogResource.log_activity/2 function) are buffered in a GenServer and written in batches.

Batching can be disabled entirely by setting audit_log.write_batching.enabled? to false. By default it writes a batch every 100 records or every 10 seconds, whichever happens first. This can also be controlled by options in the audit_log.write_batching DSL.

Removing old records

When the log_lifetime DSL option is set to a positive integer, log entries are automatically removed after that many days. To disable this behaviour, or to manage removal manually, set it to :infinity. Defaults to 90 days.
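
As an added example (not taken from the library's documentation), here is the resource from the Usage section with both settings made explicit: write batching turned off so log writes are not buffered, and automatic removal disabled so retention is managed manually. It assumes log_lifetime sits directly inside the audit_log section; enabled? under audit_log.write_batching is as named above.

```elixir
defmodule MyApp.Accounts.AuditLog do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication.AuditLogResource],
    domain: MyApp.Accounts

  audit_log do
    # Assumption: log_lifetime is an option of the audit_log section.
    # :infinity disables automatic removal (the default is 90 days).
    log_lifetime :infinity

    write_batching do
      # Disable buffering in the GenServer. With batching enabled, the
      # default is a batch every 100 records or every 10 seconds.
      enabled? false
    end
  end

  postgres do
    table "account_audit_log"
    repo MyApp.Repo
  end
end
```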

Functions

audit_log(body)

(macro)

log_activity(strategy, params)

@spec log_activity(strategy :: AshAuthentication.AddOn.AuditLog.t(), map()) ::
  :ok | {:error, any()}

Log an authentication event into the audit logger.