From 6f0e4b54be9dd83ebd781d3aed204a8934da29fe Mon Sep 17 00:00:00 2001 From: NickOvt Date: Mon, 19 Feb 2024 09:45:46 +0200 Subject: [PATCH] fix(api-filters): Filter creation is now logged to graylog and authlog ZMS-34 (#616) * log filter creation to logs * api.js, filterroutes, remove unnecessary loggelf param * instead of dumping all filter data, create a human readable description of it using getFilterStrings * separate getFilterStrings data into _filter_query and _filter_action fields, make them human-readable by joining --- lib/api/filters.js | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/lib/api/filters.js b/lib/api/filters.js index 47ee7364..12aeb3ba 100644 --- a/lib/api/filters.js +++ b/lib/api/filters.js @@ -895,6 +895,35 @@ module.exports = (db, server, userHandler, settingsHandler) => { } } + const filterStrings = getFilterStrings(filterData); + + // Log added filter to graylog + userHandler.loggelf({ + short_message: '[FILTERS] Added new filter', + _user: user, + _mailbox: filterData.action.mailbox, + _filter_id: filterData._id.toString(), + _filter_query: filterStrings.query.map(item => item.filter(val => val).join(': ')).join(', '), + _filter_action: filterStrings.action.map(item => item.filter(val => val).join(': ')).join(', '), + _filter_name: filterData.name, + _filter_created: filterData.created, + _filter_disabled: filterData.disabled + }); + + // Log added filter to authlog as well + try { + await userHandler.logAuthEvent(user, { + action: 'filter added', + result: 'success', + filter: filterData._id, + protocol: 'API', + sess: values.sess, + ip: values.ip + }); + } catch (err) { + log.error('API [Filter]', err); + } + return res.json({ success: r.acknowledged, id: filterData._id.toString()