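Ask HN: How do you handle audit logging in your systems?
2 points • by efeoge • 5 months ago
I'm working on designing audit logging for a system that needs to track actions like data changes, user access, and administrative operations. The goal is to ensure traceability, support compliance, and assist with incident response.
I'm curious how others handle this in production:
- What data do you log?
- How do you structure audit logs (JSON, text, DB records)?
- How do you ensure logs are immutable/tamper-evident?
- Do you store them separately from application logs?
- What tooling or patterns have worked well (or poorly) for you?
Any war stories, best practices, or pitfalls to avoid would be really appreciated.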