Skip to content

feat: Implement file-based audit exporter (JSON Lines) #135#160

Merged
inureyes merged 3 commits intomainfrom
feature/issue-135-file-audit-exporter
Jan 24, 2026
Merged

feat: Implement file-based audit exporter (JSON Lines) #135#160
inureyes merged 3 commits intomainfrom
feature/issue-135-file-audit-exporter

Conversation

@inureyes
Copy link
Member

@inureyes inureyes commented Jan 24, 2026

Summary

Implement a file-based audit exporter that writes events in JSON Lines format for easy parsing and analysis. This completes the audit infrastructure (#134) by providing a production-ready exporter.

Changes

Core Implementation

  • FileExporter: New file-based exporter with BufWriter for efficient I/O
  • RotateConfig: Configurable log rotation with size-based triggers
  • JSON Lines format: One JSON object per line for easy parsing
  • AuditManager integration: Wire up FileExporter as a valid exporter option

Features

  • ✅ Append mode (preserves existing data)
  • ✅ Log rotation based on file size
  • ✅ Optional gzip compression for rotated files
  • ✅ Thread-safe using async Mutex
  • ✅ Async I/O using tokio
  • ✅ Automatic parent directory creation

Dependencies Added

  • async-compression (v0.4) with tokio and gzip features
  • serde_json (v1.0) moved from dev-dependencies to dependencies

Testing

  • ✅ 33 audit tests passing
  • ✅ JSON Lines format validation
  • ✅ File rotation tests (with and without compression)
  • ✅ Max backups enforcement
  • ✅ Append mode verification
  • ✅ Batch export tests

Testing Verification

cargo test audit --lib     # All 33 tests pass
cargo clippy --lib         # No warnings
cargo fmt --check          # Properly formatted

Example Usage

use bssh::server::audit::file::{FileExporter, RotateConfig};
use std::path::Path;

// Simple file exporter
let exporter = FileExporter::new(Path::new("/var/log/audit.log"))?;

// With rotation
let rotate_config = RotateConfig::new()
    .with_max_size(50 * 1024 * 1024)  // 50 MB
    .with_max_backups(10)
    .with_compress(true);

let exporter = FileExporter::new(Path::new("/var/log/audit.log"))?
    .with_rotation(rotate_config);

Output Format

JSON Lines (one JSON object per line):

{"id":"123e4567-e89b-12d3-a456-426614174000","timestamp":"2024-01-15T10:30:00Z","event_type":"file_uploaded","session_id":"sess-001","user":"admin","client_ip":"192.168.1.100","path":"/data/report.pdf","bytes":1048576,"result":"success","protocol":"sftp"}
{"id":"123e4567-e89b-12d3-a456-426614174001","timestamp":"2024-01-15T10:30:05Z","event_type":"auth_failure","session_id":"sess-002","user":"unknown","client_ip":"10.0.0.50","result":"failure","details":"Invalid password"}

Closes #135

@inureyes
feat: Implement file-based audit exporter with JSON Lines format
afb1ca0 
Implement a file-based audit exporter that writes events in JSON Lines format
for easy parsing and analysis. This completes the audit infrastructure by
providing a production-ready exporter.

Features:
- JSON Lines format (one JSON object per line)
- Append mode to preserve existing data
- Log rotation based on file size
- Optional gzip compression for rotated files
- Thread-safe using async Mutex
- Async I/O using tokio
- Comprehensive test coverage (33 tests passing)

Implementation:
- Add FileExporter struct with BufWriter for efficient I/O
- Add RotateConfig for configurable rotation behavior
- Wire up FileExporter in AuditManager
- Add async-compression and serde_json dependencies

Closes #135
@inureyes inureyes added priority:medium Medium priority issue status:review Under review type:enhancement New feature or request labels Jan 24, 2026
@inureyes
fix: Address security issues in file audit exporter
91f1e3f
@inureyes
docs: Update ARCHITECTURE.md for file-based audit exporter
90850da 
- Add file.rs to audit module structure listing
- Document FileExporter features and capabilities
- Add usage examples with rotation configuration
- Document JSON Lines output format
- Update future exporters list (file exporter is now implemented)
@inureyes
Copy link
Member Author

inureyes commented Jan 24, 2026

PR Finalization Complete

Summary

  • Tests: 38 audit tests passing (all existing + new tests)
  • Documentation: Updated ARCHITECTURE.md with FileExporter documentation
  • Lint/Format: cargo fmt --check and cargo clippy -- -D warnings passing

Changes Made

  • Updated ARCHITECTURE.md to document the new FileExporter:
    • Added file.rs to the audit module structure listing
    • Documented FileExporter features (JSON Lines, rotation, compression, permissions)
    • Added usage examples with RotateConfig
    • Documented JSON Lines output format
    • Removed "File exporter" from "Future Exporters" list (now implemented)

Verification Results

cargo test audit --lib  -> 38 tests passed
cargo fmt --check       -> OK
cargo clippy -- -D warnings -> No warnings

All checks passing. Ready for merge.

@inureyes inureyes merged commit ec9fa0f into main Jan 24, 2026
2 checks passed
@inureyes inureyes deleted the feature/issue-135-file-audit-exporter branch January 24, 2026 04:30
@inureyes inureyes self-assigned this Jan 24, 2026
@inureyes inureyes added status:done Completed and removed status:review Under review labels Jan 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@inureyes inureyes

Labels

priority:medium Medium priority issue status:done Completed type:enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement file-based audit exporter (JSON Lines)

1 participant

@inureyes