Skip to content

Software Requirement Specification (SRS) - Audit Logs & Security Tracking

FieldDetail
Company Nameruizdev7
Document TitleAudit Logs & Security Tracking - SRS
Document NumberSRS-007
Version1.0
Specification Date17-November-24
StatusImplemented
RoleNameDate
Project ManagerJoseph Ruiz17-November-24
Tech LeadJoseph Ruiz17-November-24
VersionDateChanges MadeAuthor
1.017-November-24Initial SRS DocumentationJoseph Ruiz

This document specifies the requirements for the implementation of an Audit Logging and Security Tracking System in the ruizdev7 Portfolio application.
The objective is to provide comprehensive monitoring and logging of all critical system events, user actions, security events, and resource modifications to ensure accountability, support security investigations, meet compliance requirements, and facilitate troubleshooting.

The Audit Logs & Security Tracking System includes the following components:

  • Authentication Event Logging: Track login, logout, failed login attempts, and token operations.
  • Resource Modification Logging: Log all CRUD operations on critical resources (users, posts, pumps, etc.).
  • Security Event Tracking: Monitor suspicious activities, permission denials, and security violations.
  • User Action Tracking: Record user-initiated actions with context (IP address, user agent, timestamp).
  • Audit Log Retrieval: Administrative interface for viewing and analyzing audit logs.
  • Log Filtering: Search and filter logs by user, event type, resource, date range.
  • Immutable Records: Ensure audit logs cannot be modified or deleted by regular operations.
  • Performance Optimization: Efficient logging that doesn’t impact application performance.

The implementation ensures:

  • Complete audit trail for compliance (SOC 2, GDPR, PCI-DSS readiness)
  • Security incident investigation capabilities
  • Accountability for all system changes
  • Non-intrusive logging mechanism
  • Audit Log: Immutable record of a system event with metadata (who, what, when, where, how).
  • Event Type: Category of logged event (login, create, update, delete, permission_denied, etc.).
  • Resource: Entity being acted upon (users, posts, pumps, categories, etc.).
  • Action: Operation performed (create, read, update, delete).
  • IP Address: Network address of the client making the request.
  • User Agent: Browser/client information from HTTP headers.
  • Additional Data: Optional JSON field for storing event-specific details.
  • Immutability: Property ensuring logs cannot be altered after creation.

Priority: Critical
Description:

FieldDetail
Use Case NameLog Authentication Events
Subject AreaSecurity Monitoring
Business EventThis use case applies when authentication-related events occur (login, logout, failures).
ActorsSystem user, AuditLogService, ruizdev7 Platform.
Use Case OverviewThis use case covers logging all authentication events for security monitoring.
PreconditionsDatabase must be accessible for log storage.
Termination OutcomeAuthentication event is logged with user ID, timestamp, IP address, and outcome.
Condition Affecting OutcomeDatabase connection errors (logs should queue for retry).
Use Case DescriptionThe system captures authentication events (successful login, logout, failed login attempts), records user email, IP address, user agent, timestamp, and stores immutable log entry.
Use Case AssociationsUC-008: User Login (SRS-005), UC-010: User Logout (SRS-005).
Traceability ToSRS-007, SRS-005.
Input SummaryUser ID (if available), email, event type, IP address, user agent.
Output SummaryImmutable audit log entry in tbl_audit_logs.
Usability IndexCritical for security compliance.
Use Case NotesFailed login attempts logged without user ID (ccn_user=NULL). Helps detect brute force attacks.
CriterionDescription / Acceptance Condition
Authentication LoggingAll login, logout, and failed login attempts are logged.
CRUD LoggingAll create, update, delete operations on critical resources are logged.
User AttributionAll logs include user ID (when authenticated) or indication of anonymous action.
IP Address TrackingClient IP addresses are captured for all logged events.
Timestamp AccuracyAll logs have precise timestamps (to the second).
ImmutabilityAudit logs cannot be modified or deleted through normal operations.
PerformanceLogging does not add more than 50ms to operation time.
Log RetrievalAdministrators can view logs with filtering and pagination.
Security EventsPermission denials and security violations are logged.
Data IntegrityAdditional context stored in JSON format for complex events.
CategoryRequirement
PerformanceLogging adds <50ms overhead. Log queries return in <500ms.
StorageEfficient storage with automatic archiving after 1 year (configurable).
SecurityLogs stored in separate table with restricted access. No sensitive data (passwords) logged.
Availability99.99% availability for logging service. Failed logs queued for retry.
ScalabilitySupport for 1M+ log entries without performance degradation.
ComplianceMeets SOC 2, GDPR, PCI-DSS audit trail requirements.
RetentionLogs retained for minimum 1 year, configurable up to 7 years.
IntegrityCryptographic hash verification for log integrity (future enhancement).

Table: tbl_audit_logs

  • ccn_audit_log (Primary Key, Auto-increment)
  • ccn_user (Foreign Key -> tbl_users, Nullable - NULL for unauthenticated events)
  • event_type (String(50), Required - login, logout, create, update, delete, permission_denied, etc.)
  • resource (String(50), Required - users, posts, pumps, categories, auth, etc.)
  • action (String(20), Required - create, read, update, delete)
  • description (Text, Required - Human-readable description)
  • ip_address (String(45), Optional - IPv4 or IPv6)
  • user_agent (String(500), Optional - Browser/client information)
  • additional_data (Text/JSON, Optional - Event-specific details)
  • created_at (Timestamp, Required, Indexed - Auto-generated, immutable)

Indexes:

  • Primary key on ccn_audit_log
  • Index on ccn_user for user-specific queries
  • Index on event_type for filtering
  • Index on created_at for date range queries
  • Composite index on (resource, action, created_at) for resource queries

AuditLogService (Singleton):

Core Methods:

  • create_log(user_id, event_type, resource, action, description, ip, user_agent, additional_data): Base logging method
  • log_login(user_id, email, ip): Successful login
  • log_logout(user_id, email): User logout
  • log_failed_login(email, ip): Failed login attempt
  • log_create(user_id, resource, description): Resource creation
  • log_update(user_id, resource, description): Resource update
  • log_delete(user_id, resource, description): Resource deletion

Automatic Context Capture:

  • IP address from request.remote_addr
  • User agent from request.headers['User-Agent']
  • Timestamp automatically set by database
Event TypeDescriptionExample
loginSuccessful authenticationUser logged in
logoutUser session terminationUser logged out
login_failedFailed authentication attemptFailed login for email X
createResource creationCreated post “Title”
updateResource modificationUpdated pump #123
deleteResource deletionDeleted user account
permission_deniedAuthorization failureUser lacks posts.create permission
token_refreshJWT token renewalAccess token refreshed
password_changePassword updateUser changed password
password_resetPassword reset via emailPassword reset requested
role_assignedRole granted to userAssigned admin role to user
role_removedRole revoked from userRemoved moderator role
MethodEndpointDescriptionAuthPermission
GET/api/v1/audit-logsList audit logs (paginated)YesAdmin
GET/api/v1/audit-logs/{id}Get specific log entryYesAdmin
GET/api/v1/audit-logs/user/{user_id}Get logs for specific userYesAdmin
GET/api/v1/audit-logs/exportExport logs to CSV/ExcelYesAdmin
GET/api/v1/audit-logs/statsGet audit statisticsYesAdmin

Authentication System (SRS-005):

  • Login success/failure
  • Logout events
  • Token refresh
  • Token revocation

User Management (SRS-010):

  • User creation
  • Profile updates
  • Email changes
  • Password changes
  • Password resets
  • Account deactivation
  • Role assignments

Blog/Posts (SRS-006):

  • Post creation
  • Post updates
  • Post deletion

Pump Management (SRS-007):

  • Pump creation
  • Specification updates
  • Photo uploads
  • Pump deletion

Financial Calculator (SRS-009):

  • Calculation creation
  • Calculation updates
  • Calculation deletion

Contact Form (SRS-008):

  • Message submission
  • Message read status changes

Optimization Strategies:

  1. Indexing: Multi-column indexes for common query patterns
  2. Partitioning: Date-based partitioning for large datasets
  3. Archiving: Move old logs (>1 year) to archive tables
  4. Caching: Redis cache for frequently accessed log statistics
  5. Read Replicas: Separate database read replicas for log queries

Access Control:

  • Only administrators can view audit logs
  • Logs cannot be modified or deleted via API
  • Database triggers prevent direct log modification
  • Separate database user with append-only permissions

Data Protection:

  • Never log passwords (even hashed)
  • Sensitive data redacted or tokenized
  • PII handling according to GDPR requirements
  • Encryption at rest for log storage

Integrity Verification:

  • Sequential log IDs prevent tampering
  • Checksums for log integrity (future)
  • Regular backup of audit logs
  • Immutable append-only storage

Admin Dashboard:

  • Audit Logs table with filtering
  • Event timeline visualization
  • User activity heatmap
  • Security alerts panel

Components:

  • EventsLogs.jsx - Audit log viewer
  • Security.jsx - Security events dashboard
  • AuditLogTable.jsx - Paginated log table (future)
  • LogExport.jsx - Export functionality (future)

Real-time Alerts (Future):

  • Multiple failed login attempts (brute force detection)
  • Permission denial patterns (unauthorized access attempts)
  • Unusual user activity (anomaly detection)
  • Administrative actions requiring approval

Integration:

  • Webhook notifications for critical events
  • Email alerts to administrators
  • Slack/Teams integration for security team
  • SIEM integration (Splunk, ELK Stack)

SOC 2 Type II:

  • Complete audit trail of all system changes
  • User attribution for all actions
  • Immutable log storage
  • Access controls on log data

GDPR:

  • Right to access: Users can request their audit trail
  • Right to erasure: Special handling for deleted users
  • Data minimization: Only essential data logged
  • Secure storage: Encryption and access controls

PCI-DSS (if handling payments):

  • Log all access to cardholder data
  • Retain logs for minimum 1 year
  • Protect log data from tampering
  • Regular log review processes
FieldDetail
Stakeholdersruizdev7 Team, Security Team, Compliance Officers, Auditors
Attachments[test_audit_logs.py]
Tech StackFlask, SQLAlchemy, PostgreSQL/MySQL
Frontend ComponentsEventsLogs.jsx, Security.jsx
TestingUnit tests in test_audit_logs.py
Future EnhancementsLog integrity verification, automated compliance reports, ML-based anomaly detection
Name/TitleSignatureDate
Client Representativeruizdev717-November-24
Company Representativeruizdev717-November-24