Search code examples
phpmysqllaravel-5audit

How to Log all web transactions (PHP/Laravel)

I am developing one secure application in PHP/MySQl (using Laravel 5.2 framework ) and below is my requirement

  1. I need to log all the transactions that being happening the application , say for example who logged in , what operations he did. If he opens any report what report he opened and what data he seen and what are those records he seen?

  2. This is basically for audit purpose so I should able to store data in db and provide to audit team on demand basis

Please let me know if there are any existing plugin(s) which would support this requirement or suggest me best way to build this ?

Thanks in advance!

Solution

  • Logger

    The easiest and fast approach is by using the logger provided by Laravel out of the box.

    You can track the user by adding a line of code similar to this:

    Log::info('Showing user profile for user: '.$id);

    Where $id is

    $user = Auth::user();

    Or to make it dry create an static method to reuse across your application:

    public static function trackUser($message){
  $user = Auth::user();
  Log::info('Showing user profile for user: '.$user->id);
}

    Extend this to add more data as desired.

    More information about the Laravel logger at:

    https://laravel.com/docs/5.2/errors#logging

    Event Log / Revisions

    If you want to also track entities in your system you might want to also consider something like an event log:

    I have used this library: https://github.com/VentureCraft/revisionable in the past and it worked well for my purpose.

    Evert time an entity is modified, created or deleted it will insert a record in a revisions table with a serialized value of the previous and new values.

    You will need to set up your entities. This is an example of how I set it up on an entity:

    <?php

namespace App;

use Illuminate\Database\Eloquent\Model;
use Sofa\Revisionable\Laravel\RevisionableTrait;
use Sofa\Revisionable\Revisionable;

class Invoice extends Model implements Revisionable {
    use RevisionableTrait;

    protected $table = 'invoices';
    protected $fillable = ['po_id', 'file_name', 'charges', 'customer', 'company', 'notes', 'tax', 'created_by'];
    protected $revisionPresenter = 'App\Presenters\InvoicePresenter';

    public function po()
    {
        return $this->belongsTo('App\PO');
    }

    public function transactions()
    {
        return $this->hasMany('App\Transaction');
    }
}

    After that you will be able to track changed on your entities without doing anything extra in your code.

    Event Sourcing

    Event sourcing will introduce a lot of complexity to your application, but it will solve a lot of issues. By implementing this pattern you will not only be able to log what a user is doing in your system, but also track each entity as time goes by. This is achieved by only storing the events as they happen and recreating the entities by running all the events. This will impact performance, but it can be solved by combining this pattern with a Materialized View pattern. This can add an eventual consistency to your app.

    Please make sure there is really a value of using this pattern, otherwise you (and your team) will feel the pain of the complexity