diff --git a/conf/defaults.ini b/conf/defaults.ini
index 81d6c8d8050..d1a4ee19681 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -47,6 +47,9 @@ root_url = %(protocol)s://%(domain)s:%(http_port)s/
 # Log web requests
 router_logging = false
+# This enables query request audit logging, output at warn level, default is false
+audit_logging = false
+
 # the path relative working path
 static_root_path = public
diff --git a/conf/sample.ini b/conf/sample.ini
index 6a8aa623f85..2d4ce660dfc 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -49,6 +49,9 @@
 # Log web requests
 ;router_logging = false
+# This enables query request audit logging, output at warn level, default is false
+audit_logging = false
+
 # the path relative working path
 ;static_root_path = public
diff --git a/docs/sources/http_api/admin.md b/docs/sources/http_api/admin.md
index 2d15b19454c..118265edddb 100644
--- a/docs/sources/http_api/admin.md
+++ b/docs/sources/http_api/admin.md
@@ -143,6 +143,7 @@ with Grafana admin permission.
 "protocol":"http",
 "root_url":"%(protocol)s://%(domain)s:%(http_port)s/",
 "router_logging":"true",
+ "audit_logging":"true",
 "static_root_path":"public"
 },
 "session":{
diff --git a/pkg/api/dataproxy.go b/pkg/api/dataproxy.go
index b40a7d8c23b..92c85af3370 100644
--- a/pkg/api/dataproxy.go
+++ b/pkg/api/dataproxy.go
@@ -118,8 +118,6 @@ func ProxyDataSourceRequest(c *middleware.Context) {
 }
 }
- outputToAuditLog(ds.Type, c)
-
 proxy := NewReverseProxy(ds, proxyPath, targetUrl)
 proxy.Transport, err = ds.GetHttpTransport()
 if err != nil {
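Review bot: The new `audit_logging = false` line in conf/sample.ini is active, while the neighbouring entries in the same hunk (`;router_logging = false`, `;static_root_path = public`) are commented out with `;`. Anyone who copies the sample as a starting config gets the value pinned instead of inheriting it from defaults.ini, so write it as `;audit_logging = false` to match. The comment in both ini files could also state that each record includes the full request body and that, being emitted at warn level, the records disappear when the configured log level is stricter than warn.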
@@ -127,19 +125,23 @@ func ProxyDataSourceRequest(c *middleware.Context) {
 return
 }
+ auditLog(ds.Type, c)
+
 proxy.ServeHTTP(c.Resp, c.Req.Request)
 c.Resp.Header().Del("Set-Cookie")
 }
-func outputToAuditLog(dataSourceType string, c *middleware.Context) {
- auditLogger := log.New("data-proxy-audit", "userid", c.UserId, "orgid", c.OrgId, "username", c.Login)
+func auditLog(dataSourceType string, c *middleware.Context) {
+ if setting.AuditLogging {
+ auditLogger := log.New("data-proxy-audit", "userid", c.UserId, "orgid", c.OrgId, "username", c.Login)
- var body string
- if c.Req.Request.Body != nil {
- buffer, _ := ioutil.ReadAll(c.Req.Request.Body)
- c.Req.Request.Body = ioutil.NopCloser(bytes.NewBuffer(buffer))
- body = string(buffer)
+ var body string
+ if c.Req.Request.Body != nil {
+ buffer, _ := ioutil.ReadAll(c.Req.Request.Body)
+ c.Req.Request.Body = ioutil.NopCloser(bytes.NewBuffer(buffer))
+ body = string(buffer)
+ }
+
+ auditLogger.Warn("Proxying incoming request", "datasource", dataSourceType, "uri", c.Req.RequestURI, "method", c.Req.Request.Method, "body", body)
 }
-
- auditLogger.Info("Proxying incoming request", "datasource", dataSourceType, "uri", c.Req.RequestURI, "method", c.Req.Request.Method, "body", body)
 }
diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
index 0de7b87b164..9159058b6e1 100644
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -65,6 +65,7 @@ var (
 SshPort int
 CertFile, KeyFile string
 RouterLogging bool
+ AuditLogging bool
 StaticRootPath string
 EnableGzip bool
 EnforceDomain bool
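Review bot: In `auditLog` (pkg/api/dataproxy.go), `buffer, _ := ioutil.ReadAll(c.Req.Request.Body)` discards the read error and buffers the whole request body with no size limit before writing it verbatim into the log. A failed or partial read therefore forwards a truncated body upstream with no trace, and whatever the body carries, possibly credentials or tokens, lands in the log files in full. I would cap the logged portion, report the read error, and rejoin the unread remainder onto the request body, as sketched below. The cap constant is a placeholder and `io` would need to be imported. Because records go out through `Warn`, a configured log level stricter than warn silently drops the audit trail, which the function's doc comment should say.

```go
func auditLog(dataSourceType string, c *middleware.Context) {
	// … unchanged: setting.AuditLogging guard and auditLogger construction …
		var body string
		if orig := c.Req.Request.Body; orig != nil {
			// maxAuditBodyBytes is a placeholder name; choose a limit that suits the deployment.
			head, err := ioutil.ReadAll(io.LimitReader(orig, maxAuditBodyBytes))
			if err != nil {
				auditLogger.Error("Failed to read request body for audit log", "error", err)
			}
			// Replay the logged prefix, then the unread remainder, so the upstream still receives the full body.
			c.Req.Request.Body = struct {
				io.Reader
				io.Closer
			}{io.MultiReader(bytes.NewReader(head), orig), orig}
			body = string(head)
		}
	// … unchanged: auditLogger.Warn call …
```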
@@ -490,6 +491,7 @@ func NewConfigContext(args *CommandLineArgs) error {
 HttpAddr = server.Key("http_addr").MustString(DEFAULT_HTTP_ADDR)
 HttpPort = server.Key("http_port").MustString("3000")
 RouterLogging = server.Key("router_logging").MustBool(false)
+ AuditLogging = server.Key("audit_logging").MustBool(false)
 EnableGzip = server.Key("enable_gzip").MustBool(false)
 EnforceDomain = server.Key("enforce_domain").MustBool(false)
 StaticRootPath = makeAbsolute(server.Key("static_root_path").String(), HomePath)