Auditing with C# and .NET

I have a web application, and I would like to audit most of the users' actions on the application, for example login, insertion to db, update to db, fired exceptions, etc.

One of my seniors suggested using a queue for faster performance, so you just enqueue an event and it is then processed automatically without having to wait for it to be processed.

What are your suggestions? How should I process them? Enqueueing them is no problem, but I'm not sure how they will be processed then without anybody calling a method.

I am using C# with .NET 4.0


I've been working on a library that can probably help.

Audit.NET and its extensions to audit different systems (WCF, MVC, WebApi, EF) and store logs in different data storages (SQL, MongoDB, DocumentDB, File, EventLog) will give you the flexibility to configure what you want to audit and where you want to store the audit logs.


I would simply recommend an off-the-shelf logging framework that is stable and supported. Have you considered a logging framework, like log4net?

You could write a custom appender for logging into MSMQ if you'd like.


An alternative logger is called TracerX. It is written in C# and fast and flexible. Because the source code is available it means you can modify it as you wish to suit your needs. It comes with a viewer that allows for filtering the output.

https://github.com/MarkLTX/TracerX and an article on how to use it:

http://www.codeproject.com/KB/dotnet/TracerX.aspx


Two topics of interest actually:

  • Asynchronous logging
  • Aspect Oriented Features

Asynchronous logging may speed up heavy processing 100-fold. Use a writer thread that dumps the queue into the log sink every, say, 100 ms; however, that logging engine must be deterministically started and stopped so it can flush the sinks on application stop.

Aspect Oriented Programming addresses your cross-cutting concern - audit/log calls shall be invoked in desired operation prologues/epilogues - look at the PostSharp project.
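
An added example, not part of the answer above or of any library named on this page: one way to build the writer thread that answer describes, using .NET 4.0's `BlockingCollection`, so queued events are processed without any caller invoking a method. `AuditEvent`, `AuditQueue`, the queue bound and the tab-separated file sink are hypothetical choices.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Threading;

// Hypothetical types for illustration; the file sink stands in for any audit store.
public sealed class AuditEvent { public DateTime UtcTime; public string User; public string Action; }
public sealed class AuditQueue : IDisposable
{
    // Bounded, so a stalled sink blocks producers instead of exhausting memory.
    private readonly BlockingCollection<AuditEvent> _queue = new BlockingCollection<AuditEvent>(10000);
    private readonly Thread _writer;
    private readonly string _path;

    public AuditQueue(string path)
    {
        _path = path;
        _writer = new Thread(Drain) { Name = "audit-writer", IsBackground = false }; // foreground thread keeps the process alive until Dispose()
        _writer.Start();
    }

    // Called from request threads; returns as soon as the event is queued.
    public void Enqueue(string user, string action)
    {
        _queue.Add(new AuditEvent { UtcTime = DateTime.UtcNow, User = user, Action = action });
    }

    private void Drain()
    {
        var batch = new List<string>();
        while (!_queue.IsCompleted)
        {
            AuditEvent e;
            if (!_queue.TryTake(out e, 100)) continue;   // wait up to 100 ms for work
            do { batch.Add(string.Format("{0:o}\t{1}\t{2}", e.UtcTime, e.User, e.Action)); }
            while (_queue.TryTake(out e));               // then take everything already queued
            File.AppendAllLines(_path, batch);           // an I/O failure here is unhandled and stops the process
            batch.Clear();
        }
    }

    // Deterministic stop: refuse new events, let the writer drain the queue, then return.
    public void Dispose()
    {
        _queue.CompleteAdding();
        _writer.Join();
        _queue.Dispose();
    }
}
```

Create one `AuditQueue` at application start and dispose it from `Application_End` so queued events are flushed on shutdown. Escape tabs and newlines in user-supplied values before they reach the sink so one event cannot forge another line.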


(Little late on the answer; this post shows up high in Google, so I thought it may be worth looking at some of the options.)

If you are looking to actually audit. (By this I mean to record that an action took place, who did it and when, and for that auditable log to be able to be used as evidence to an external auditor)

(Debug Logging vs Auditing logging)

If so, you can consider some options, such as:

  1. use an Audit logging library
  2. adopt an EventStore database
  3. use a logging library that fails loudly

1. Using an audit library

  • Audit.NET has already been mentioned here and has an impressive number of downloads and is very feature-rich
  • auditable - an alternative to the above (disclaimer, it's written by me)

Both are pretty cool, as they allow you to bring your own datastore.

2. Event sourcing

  • EventStore
  • Postgres with Marten

The design here (which can impact your architecture to embrace Events) is that Events are immutable, and if you store them then you have an auditable store of things that happened in your system.

Note this does not look to solve the question above, but it does solve how to audit, so I have mentioned it.

3. Logging library

  • Serilog - Issue

You have to confirm that the logging library, if it fails to add an audit log, will throw an exception.

If it does not do that, then you will be missing auditable logs, and then you cannot build trust with your auditors.

Side note 1 - with options 1 and 3, you may need to ensure that the log is written in the same transaction as your primary data store, to ensure that all of the information is ACID. (This is similar to the issue people have with publishing an event which is outside of the database transaction.)

Side note 2 - audit logs should be able to identify who did what, so you may/should need to encrypt the datastore they eventually end up in.