https://github.com/alphagov/paas-auditor
Stores Cloud Foundry audit events in a Postgres database
https://github.com/alphagov/paas-auditor
cloud-foundry paas reliability-engineering security
Last synced: 12 months ago
JSON representation
Stores Cloud Foundry audit events in a Postgres database
- Host: GitHub
- URL: https://github.com/alphagov/paas-auditor
- Owner: alphagov
- License: mit
- Created: 2019-05-02T11:30:18.000Z (almost 7 years ago)
- Default Branch: main
- Last Pushed: 2025-05-07T09:58:37.000Z (12 months ago)
- Last Synced: 2025-05-08T22:47:16.758Z (12 months ago)
- Topics: cloud-foundry, paas, reliability-engineering, security
- Language: Go
- Homepage:
- Size: 19.5 MB
- Stars: 1
- Watchers: 8
- Forks: 3
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# paas-auditor
🎵 [`paas-billing` 2: Auditor Boogaloo](https://www.youtube.com/watch?v=4Oy7krobW78) 🎵
## Overview
A Golang application that scrapes Cloud Controller's `/v2/events` endpoint for Audit Events and stores them in a Postgres database.
**To understand how to run this and solve issues, see the [RUNBOOK](RUNBOOK.md).**
## Installation
You will need:
* `Go v1.20`
To build the application run the default make target:
```
make
```
You should then get a binary in `bin/paas-auditor`.
## Configuration
`paas-auditor` takes the following environment variables:
| Variable name | Type | Required | Default | Description |
|---|---|---|---|---|
|`APP_ROOT`|string|no|`$PWD`|absolute path to the application source to discover assets at runtime|
|`DATABASE_URL`|string|yes||Postgres connection string|
|`CF_API_ADDRESS`|string|yes||Cloud Foundry API endpoint|
|`CF_CLIENT_ID`|string|yes|| Cloud Foundry client id|
|`CF_CLIENT_SECRET`|string|yes||Cloud Foundry client secret|
|`SPLUNK_API_KEY`|string|no||Optional API key for Splunk, if provided it will send events to Splunk HEC|
|`SPLUNK_HEC_ENDPOINT_URL`|string|no||Optional URL for Splunk, if provided it will send events to Splunk HEC|
|`DEPLOY_ENV`|string|no||populates the `source` field in Splunk|
|`PORT_ENV`|string|no||port on which to listen, to serve metrics|
**Note**: in development you can use `CF_USERNAME` and `CF_PASSWORD` instead of `CF_CLIENT_ID` `CF_CLIENT_SECRET` to allow it to log into Cloud Foundry
## Metrics
`paas-auditor` exposes the following metrics via `/metrics`:
| Metric | Description |
|---|---|
|`cf_audit_event_collector_collect_duration_total`| Number of seconds spent collecting events by CF Audit Event Collector |
|`cf_audit_event_collector_errors_total`| Number of errors encountered by CF Audit Event Collector |
|`cf_audit_event_collector_events_collected_total`| Number of events collected and saved to the DB by CF Audit Event Collector |
|`cf_audit_events_to_splunk_shipper_errors_total`| Number of errors encountered by CF Audit Events to Splunk shipper |
|`cf_audit_events_to_splunk_shipper_events_shipped_total`| Number of CF audit events shipped to Splunk by CF Audit Events to Splunk shipper |
|`cf_audit_events_to_splunk_shipper_latest_event_timestamp`| Unix epoch seconds of most recent event shipped to Splunk |
|`cf_audit_events_to_splunk_shipper_ship_duration_total`| Number of seconds spent shipping events by CF Audit Events to Splunk Shipper |
|`informer_cf_audit_events_total`| Number of CF audit events in the database (This number is approximate, and depends on Postgres `reltuples`) |
|`informer_latest_cf_audit_event_timestamp`| Unix epoch seconds of most recent event in the database |
The default Go and Prometheus metrics are also exposed.