Using the access log pattern, I’ve configured the access log to write all parameters, and used the Elastic Stack to aggregate. This is effective for some of the audit requirements.
However, there are some notable issues.
- Without the use of a log parser (Logstash in my case), adding all of the parameters to the access log pattern makes the far too verbose. I would like to have a new pattern created for all non-null parameters in quoted key/value pair format, and line breaks are gracefully replaced.
- Using tokens to configure SonarQube connections in CI tools (Azure DevOps Server, in my case) do not allow us to identify the individual who initiated the scan. With the available documentation, it suggests you generate a token with your own account to configure the service connection. Access logs then identify this user as the actor. The best I can do here is to create a generic team user, log in with it to generate a token, and use that for the build tool. What I would like is to have the CI application pass details of the build requestor and URL to SonarQube for logging.