Audit logging: do not perform logger call if logging is disabled (ela…

…stic#170333) ## Summary Use the recently added `Logger.isLevelEnabled` API to short circuit audit logging when disabled That way we're not passing though the whole audit log event construction logic when logging would effectively not be performed. https://github.com/elastic/kibana/blob/7012ca54549a8c4e1ed8a64b871eb3b2f84c417a/x-pack/plugins/security/server/audit/audit_service.ts#L170-L202
crespocarlos · Nov 6, 2023 · 22a2bfe · 22a2bfe
1 parent d64e246
commit 22a2bfe
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 2 deletions.
diff --git a/x-pack/plugins/security/server/audit/audit_service.test.ts b/x-pack/plugins/security/server/audit/audit_service.test.ts
@@ -52,6 +52,7 @@ const recordAuditLoggingUsage = jest.fn();
 beforeEach(() => {
   logger.info.mockClear();
   logging.configure.mockClear();
+  logger.isLevelEnabled.mockClear().mockReturnValue(true);
   recordAuditLoggingUsage.mockClear();
   http.registerOnPostAuth.mockClear();
 });
@@ -321,6 +322,41 @@ describe('#asScoped', () => {
     expect(logger.info).not.toHaveBeenCalled();
     audit.stop();
   });
+
+  it('does not log to audit logger if info logging level is disabled', async () => {
+    logger.isLevelEnabled.mockReturnValue(false);
+
+    const audit = new AuditService(logger);
+    const auditSetup = audit.setup({
+      license,
+      config,
+      logging,
+      http,
+      getCurrentUser,
+      getSpaceId,
+      getSID,
+      recordAuditLoggingUsage,
+    });
+    const request = httpServerMock.createKibanaRequest({
+      socket: { remoteAddress: '3.3.3.3' } as Socket,
+      headers: {
+        'x-forwarded-for': '1.1.1.1, 2.2.2.2',
+      },
+      kibanaRequestState: { requestId: 'REQUEST_ID', requestUuid: 'REQUEST_UUID' },
+    });
+
+    await auditSetup.asScoped(request).log({
+      message: 'MESSAGE',
+      event: { action: 'ACTION' },
+      http: { request: { method: 'GET' } },
+    });
+
+    expect(logger.info).not.toHaveBeenCalled();
+    expect(logger.isLevelEnabled).toHaveBeenCalledTimes(1);
+    expect(logger.isLevelEnabled).toHaveBeenCalledWith('info');
+
+    audit.stop();
+  });
 });
 
 describe('#withoutRequest', () => {

diff --git a/x-pack/plugins/security/server/audit/audit_service.ts b/x-pack/plugins/security/server/audit/audit_service.ts
@@ -93,13 +93,17 @@ interface AuditServiceSetupParams {
   config: ConfigType['audit'];
   logging: Pick<LoggingServiceSetup, 'configure'>;
   http: Pick<HttpServiceSetup, 'registerOnPostAuth'>;
+
   getCurrentUser(
     request: KibanaRequest
   ): ReturnType<SecurityPluginSetup['authc']['getCurrentUser']> | undefined;
+
   getSID(request: KibanaRequest): Promise<string | undefined>;
+
   getSpaceId(
     request: KibanaRequest
   ): ReturnType<SpacesPluginSetup['spacesService']['getSpaceId']> | undefined;
+
   recordAuditLoggingUsage(): void;
 }
 
@@ -154,9 +158,13 @@ export class AuditService {
       }
     };
 
+    const isLoggingEnabled = () => {
+      return this.logger.isLevelEnabled('info');
+    };
+
     const asScoped = (request: KibanaRequest): AuditLogger => ({
       log: async (event) => {
-        if (!event) {
+        if (!event || !isLoggingEnabled()) {
           return;
         }
         const spaceId = getSpaceId(request);
@@ -197,7 +205,7 @@ export class AuditService {
     });
 
     http.registerOnPostAuth((request, response, t) => {
-      if (request.auth.isAuthenticated) {
+      if (request.auth.isAuthenticated && isLoggingEnabled()) {
         asScoped(request).log(httpRequestEvent({ request }));
       }
       return t.next();