Summary
Add comprehensive audit logging for security monitoring, compliance, and troubleshooting in enterprise deployments.
Features
Audit Event Categories
- Authentication events (login/logout/failures)
- Connection lifecycle (connect/disconnect/errors)
- Configuration changes
- Administrative actions
- Security events (kill switch activation, IP leaks)
Audit Log Format
{
"timestamp": "2025-01-15T10:30:45Z",
"event_type": "connection.established",
"user": "alice",
"machine_id": "abc123...",
"source_ip": "192.168.1.100",
"server": "us-east-01.mbvpn.com",
"session_id": "sess_789xyz",
"details": {
"protocol": "wireguard",
"port": 51820,
"encryption": "ChaCha20Poly1305"
},
"outcome": "success"
}Log Storage Options
- Local files (structured JSON or syslog format)
- Syslog integration (rsyslog, syslog-ng)
- Remote logging (centralized SIEM systems)
- Journald integration (systemd journal)
Configuration Interface
# Configure audit logging
mbvpn audit config --enable
mbvpn audit config --format json
mbvpn audit config --destination file:/var/log/mbvpn/audit.log
# View recent audit events
mbvpn audit show --last 24h
mbvpn audit show --event-type authentication
# Export audit logs
mbvpn audit export --format csv --period 30d
Configuration Format
# In ~/.config/mbvpn/config.yml
audit:
enabled: true
format: "json" # json, syslog, cef
destinations:
- type: "file"
path: "/var/log/mbvpn/audit.log"
rotation: "daily"
retention: "90d"
- type: "syslog"
facility: "local0"
severity: "info"
- type: "remote"
url: "https://siem.company.com/api/logs"
auth_token_file: "/etc/mbvpn/siem-token"
events:
- "authentication.*"
- "connection.*"
- "configuration.changed"
- "security.*"Event Types
Authentication Events
authentication.login.successauthentication.login.failureauthentication.logoutauthentication.token.expired
Connection Events
connection.initiatedconnection.establishedconnection.failedconnection.terminatedconnection.auto_reconnect
Security Events
security.kill_switch.activatedsecurity.ip_leak.detectedsecurity.dns_leak.detectedsecurity.unauthorized_access
Compliance Features
- Tamper-evident log signing
- Log integrity verification
- Regulatory compliance templates (SOX, HIPAA, PCI-DSS)
- Automated compliance reporting
Implementation Details
- Structured logging with consistent schema
- Asynchronous logging for performance
- Log rotation and retention policies
- Secure log transmission (TLS)
- Log anonymization options
Priority
📊 Priority 3 (3-4 weeks)
Labels
- enhancement
- priority-3
- security
- compliance
- enterprise
- logging
Summary
Add comprehensive audit logging for security monitoring, compliance, and troubleshooting in enterprise deployments.
Features
Audit Event Categories
Audit Log Format
{ "timestamp": "2025-01-15T10:30:45Z", "event_type": "connection.established", "user": "alice", "machine_id": "abc123...", "source_ip": "192.168.1.100", "server": "us-east-01.mbvpn.com", "session_id": "sess_789xyz", "details": { "protocol": "wireguard", "port": 51820, "encryption": "ChaCha20Poly1305" }, "outcome": "success" }Log Storage Options
Configuration Interface
Configuration Format
Event Types
Authentication Events
authentication.login.successauthentication.login.failureauthentication.logoutauthentication.token.expiredConnection Events
connection.initiatedconnection.establishedconnection.failedconnection.terminatedconnection.auto_reconnectSecurity Events
security.kill_switch.activatedsecurity.ip_leak.detectedsecurity.dns_leak.detectedsecurity.unauthorized_accessCompliance Features
Implementation Details
Priority
📊 Priority 3 (3-4 weeks)
Labels