Overview
The audit log service collects messages from the services used across the SaFi Bank system. Audit logs record the occurrence of an event, the time at which it occurred, the responsible customer or agent, the impacted entity, etc.
Requirements
Collect necessary events emitted by domains and store them in Audit Log DB.
BOFE should be able to reconstruct
History of changes for editable customer attributes, see Change history - audit log data in BOFE
Communication history (between a customer and the bank), see https://safibank.atlassian.net/wiki/spaces/ITArch/pages/130842735/Communication+history+manager#Displaying-communication-history
Data Sources
For change history
Core Backend Services
For communication history
Communication gateway(s) - email, SMS, notifications …
Call centre - calls
Audit log architecture
All components are able to emit audit log command messages
The audit-log-manager processes and stores them
The audit-log-manager also allows access and filtering of the data
Note about naming: Historically, the entity received and processed by the audit log is called “Event”, though the messages sent to the audit log are of the “Command” type not “Event” type.
A better name would be “Activity”, but both the BE and FE refer to the audit log records as “audit log events” or just “events”.
API
POST /auditlog/events/v2 // Returns the audit log events based on criteria
Note that this is a POST endpoint in order to support a request body with a complex filter:
{
  "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "sourceId": "string",
  "sourceType": "CUSTOMER_USER",
  "sourceEntityMeta": { "additionalProp1": {} },
  "action": "COMMUNICATED",
  "targetId": "string",
  "targetType": [ "CUSTOMER" ],
  "targetEntityMeta": { "additionalProp1": {} },
  "timeFrom": "2022-11-24T13:26:35.213Z",
  "timeTo": "2022-11-24T13:26:35.213Z",
  "detail": {
    "additionalProp1": "string",
    "additionalProp2": "string",
    "additionalProp3": "string"
  }
}
Data model
Implementation
The service
Listens for backoffice.create-audit-log.command.{version} events
Adds missing metadata via preprocessors
E.g. whenever there is accountId in the source or target metadata, a preprocessor will automatically also fill in accountName and accountNumber
Stores them in DB.
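The enrichment step described above, as an added Python example (not the audit-log-manager's own code). The in-memory ACCOUNTS lookup, the accountResolved marker and the placement of accountId as a top-level key of the metadata map are assumptions made for illustration.

```python
from copy import deepcopy

# Constructed stand-in for the account lookup a real preprocessor would call.
ACCOUNTS = {
    "acc-001": {"accountName": "Main savings", "accountNumber": "0000000001"},
}

def account_preprocessor(meta, lookup=ACCOUNTS.get):
    """Return a copy of one metadata map with the account fields filled in."""
    meta = dict(meta or {})
    account_id = meta.get("accountId")
    if account_id is None:
        return meta
    account = lookup(account_id)
    if account is None:
        # Unknown id: keep the audit record, but make the gap visible
        # (accountResolved is a hypothetical marker, not from the page).
        meta["accountResolved"] = False
        return meta
    for key in ("accountName", "accountNumber"):
        # Never overwrite a value the emitting service already supplied.
        meta.setdefault(key, account[key])
    return meta

PREPROCESSORS = [account_preprocessor]

def preprocess(command, preprocessors=PREPROCESSORS):
    """Run every preprocessor over the source and target metadata."""
    enriched = deepcopy(command)  # the received command is left untouched
    for field in ("sourceEntityMeta", "targetEntityMeta"):
        meta = enriched.get(field)
        for step in preprocessors:
            meta = step(meta)
        enriched[field] = meta
    return enriched

# Constructed sample command using the field names from the filter above.
SAMPLE_COMMAND = {
    "sourceId": "agent-42", "sourceType": "CUSTOMER_USER",
    "action": "COMMUNICATED",
    "targetId": "cust-7", "targetType": "CUSTOMER",
    "sourceEntityMeta": {},
    "targetEntityMeta": {"accountId": "acc-001"},
}

if __name__ == "__main__":
    print(preprocess(SAMPLE_COMMAND)["targetEntityMeta"])
```

Working on a copy keeps the command as received available for comparison with the stored record, and the marker on unresolved ids means a failed lookup is recorded rather than silently dropped.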
Kafka messages
As mentioned, the audit-log-manager is the single consumer of audit log command messages.
Usage
Backend: How to send audit log messages
Frontend: Change history - audit log data in BOFE
Open Questions
Question | Answer |
---|---|
Will audit log share data/events with other logs? | No, this will be a separate stream of events in a separate Kafka channel |
What DB will the audit log use? | Zbyněk Melichar (Unlicensed) suggested https://www.timescale.com/, let’s evaluate that. Update: It will not be used, see TimescaleDB [not used] |
What software tool will be used (eg Google Cloud Logging) or will a custom service be implemented? | Normal microservice is enough |
Which type of actions/events will be passed and stored in audit log system? | See data model proposal above |