Public Access
Jonathan Miller
b491241a58
Universal: Sync Feature Branch Versions / Sync feature branches with dev (push) Has been skipped
# Conflicts: # .mokogitea/CLAUDE.md # .mokogitea/ISSUE_TEMPLATE/config.yml # .mokogitea/ISSUE_TEMPLATE/documentation.md # .mokogitea/ISSUE_TEMPLATE/feature_request.md # .mokogitea/ISSUE_TEMPLATE/security.md # .mokogitea/branch-protection.yml # .mokogitea/bulk-repo-sync.yml # .mokogitea/pr-branch-check.yml # .mokogitea/renovate.yml # .mokogitea/sync-wikis.yml # .mokogitea/workflows/auto-bump.yml # .mokogitea/workflows/auto-release.yml # .mokogitea/workflows/ci-platform.yml # .mokogitea/workflows/cleanup.yml # .mokogitea/workflows/gitleaks.yml # .mokogitea/workflows/issue-branch.yml # .mokogitea/workflows/notify.yml # .mokogitea/workflows/pre-release.yml # .mokogitea/workflows/repo-health.yml # .mokogitea/workflows/security-audit.yml # .script-registry.json # CHANGELOG.md # PLUGIN_SCRIPTS.md # README.md # analysis/index.md # automation/bulk_joomla_template.php # automation/bulk_sync.php # automation/enrich_manifest_xml.php # automation/enrich_mokostandards_xml.php # automation/index.md # automation/migrate_to_gitea.php # automation/push_files.php # automation/push_manifest_xml.php # automation/push_mokostandards_xml.php # automation/repo_cleanup.php # bin/moko # cli/archive_repo.php # cli/audit_query.php # cli/badge_update.php # cli/branch_rename.php # cli/bulk_workflow_push.php # cli/bulk_workflow_trigger.php # cli/changelog_promote.php # cli/changelog_prune.php # cli/client_dashboard.php # cli/client_health_check.php # cli/client_inventory.php # cli/client_provision.php # cli/completion.php # cli/create_project.php # cli/create_repo.php # cli/deploy_joomla.php # cli/dev_branch_reset.php # cli/grafana_dashboard.php # cli/joomla_build.php # cli/joomla_compat_check.php # cli/joomla_metadata_validate.php # cli/joomla_release.php # cli/license_manage.php # cli/manifest_element.php # cli/manifest_licensing.php # cli/manifest_read.php # cli/package_build.php # cli/platform_detect.php # cli/release.php # cli/release_body_update.php # cli/release_cascade.php # cli/release_create.php # cli/release_manage.php # cli/release_mirror.php # cli/release_notes.php # cli/release_package.php # cli/release_promote.php # cli/release_publish.php # cli/release_validate.php # cli/release_verify.php # cli/scaffold_client.php # cli/sync_rulesets.php # cli/theme_lint.php # cli/updates_xml_build.php # cli/updates_xml_sync.php # cli/version_auto_bump.php # cli/version_bump.php # cli/version_bump_remote.php # cli/version_check.php # cli/version_read.php # cli/version_reset_dev.php # cli/version_set_platform.php # cli/wiki_sync.php # cli/workflow_sync.php # composer.json # deploy/backup-before-deploy.php # deploy/deploy-dolibarr.php # deploy/deploy-joomla.php # deploy/deploy-sftp.php # deploy/health-check.php # deploy/rollback-joomla.php # deploy/sync-joomla.php # fix/fix_line_endings.php # fix/fix_permissions.php # fix/fix_tabs.php # fix/fix_trailing_spaces.php # fix/index.md # index.md # lib/CliBase.php # lib/Common.php # lib/Enterprise/AbstractProjectPlugin.php # lib/Enterprise/ApiClient.php # lib/Enterprise/AuditLogger.php # lib/Enterprise/CheckpointManager.php # lib/Enterprise/CliFramework.php # lib/Enterprise/Config.php # lib/Enterprise/ConfigValidator.php # lib/Enterprise/EnterpriseReadinessValidator.php # lib/Enterprise/ErrorRecovery.php # lib/Enterprise/FileFixUtility.php # lib/Enterprise/GitHubAdapter.php # lib/Enterprise/GitPlatformAdapter.php # lib/Enterprise/InputValidator.php # lib/Enterprise/ManifestParser.php # lib/Enterprise/ManifestReader.php # lib/Enterprise/MetricsCollector.php # lib/Enterprise/MokoGiteaAdapter.php # lib/Enterprise/PackageBuilder.php # lib/Enterprise/PlatformAdapterFactory.php # lib/Enterprise/PluginFactory.php # lib/Enterprise/PluginRegistry.php # lib/Enterprise/Plugins/ApiPlugin.php # lib/Enterprise/Plugins/DocumentationPlugin.php # lib/Enterprise/Plugins/DolibarrPlugin.php # lib/Enterprise/Plugins/GenericPlugin.php # lib/Enterprise/Plugins/JoomlaPlugin.php # lib/Enterprise/Plugins/McpServerPlugin.php # lib/Enterprise/Plugins/MobilePlugin.php # lib/Enterprise/Plugins/NodeJsPlugin.php # lib/Enterprise/Plugins/PythonPlugin.php # lib/Enterprise/Plugins/TerraformPlugin.php # lib/Enterprise/Plugins/WordPressPlugin.php # lib/Enterprise/ProjectConfigValidator.php # lib/Enterprise/ProjectMetricsCollector.php # lib/Enterprise/ProjectPluginInterface.php # lib/Enterprise/ProjectTypeDetector.php # lib/Enterprise/RecoveryError.php # lib/Enterprise/RecoveryManager.php # lib/Enterprise/RepositoryHealthChecker.php # lib/Enterprise/RepositorySynchronizer.php # lib/Enterprise/RetryHelper.php # lib/Enterprise/SecurityValidator.php # lib/Enterprise/SourceResolver.php # lib/Enterprise/SynchronizationException.php # lib/Enterprise/TransactionManager.php # lib/Enterprise/UnifiedValidation.php # lib/index.md # lib/plugins/Joomla/UpdateXmlGenerator.php # maintenance/index.md # maintenance/pin_action_shas.php # maintenance/repo_inventory.php # maintenance/rotate_secrets.php # maintenance/setup_labels.php # maintenance/sync_dolibarr_readmes.php # maintenance/update_repo_inventory.php # maintenance/update_sha_hashes.php # maintenance/update_version_from_readme.php # mcp/config.example.json # mcp/package.json # mcp/src/config.ts # mcp/src/index.ts # mcp/src/runner.ts # mcp/src/types.ts # phpcs.xml # plugin_health_check.php # plugin_list.php # plugin_metrics.php # plugin_readiness.php # plugin_validate.php # release/generate_dolibarr_version_txt.php # release/generate_joomla_update_xml.php # src/functions.php # templates/configs/README.md # templates/configs/index.md # templates/configs/manifest.xml.template # templates/configs/manifest.yml.template # templates/configs/mokostandards.xml.template # templates/configs/mokostandards.yml.template # templates/configs/phpcs.xml # templates/docs/README.md # templates/docs/extra/README.md # templates/docs/extra/index.md # templates/docs/index.md # templates/docs/required/GOVERNANCE.md # templates/docs/required/README.md # templates/docs/required/index.md # templates/docs/required/template-CONTRIBUTING.md # templates/docs/required/template-README.md # templates/docs/required/template-SECURITY.md # templates/index.md # templates/licenses/README.md # templates/licenses/index.md # templates/makefiles/README.md # templates/mokogitea/CLAUDE.dolibarr.md.template # templates/mokogitea/CLAUDE.joomla.md.template # templates/mokogitea/CLAUDE.md.template # templates/mokogitea/ISSUE_TEMPLATE/config.yml # templates/mokogitea/ISSUE_TEMPLATE/documentation.md # templates/mokogitea/ISSUE_TEMPLATE/dolibarr_module_id_request.md # templates/mokogitea/ISSUE_TEMPLATE/feature_request.md # templates/mokogitea/ISSUE_TEMPLATE/security.md # templates/mokogitea/README.md # templates/mokogitea/copilot-instructions.dolibarr.md.template # templates/mokogitea/copilot-instructions.joomla.md.template # templates/mokogitea/copilot-instructions.md.template # templates/mokogitea/dependabot.yml.template # templates/mokogitea/override.tf.template # templates/required/README.md # templates/schemas/README.md # templates/schemas/manifest-schema.xsd # templates/schemas/moko-platform-schema.xsd # templates/schemas/mokostandards-schema.xsd # templates/schemas/schemas/README.md # templates/schemas/template-repository-structure.xml # templates/scripts/README.md # templates/scripts/common/CliBase.template.php # templates/scripts/fix/index.md # templates/scripts/index.md # templates/scripts/release/index.md # templates/scripts/release/package_dolibarr.php # templates/scripts/release/package_joomla.php # templates/scripts/sftp-config/README.md # templates/scripts/validate/dolibarr_module.php # templates/scripts/validate/index.md # templates/scripts/validate/validate_manifest.php # templates/scripts/validate/validate_structure.php # templates/security/README.md # templates/security/index.php # templates/stubs/dolibarr.php # templates/stubs/joomla.php # templates/web/index.php # tests/Enterprise/GitPlatformAdapterTest.php # tests/Unit/VersionBumpTest.php # tests/Unit/VersionReadTest.php # tests/index.md # tests/test_circuit_breaker_handling.php # tests/test_enterprise_libraries.php # validate/SECURITY_SCANNING.md # validate/auto_detect_platform.php # validate/check_changelog.php # validate/check_client_theme.php # validate/check_composer_deps.php # validate/check_dolibarr_module.php # validate/check_enterprise_readiness.php # validate/check_file_integrity.php # validate/check_joomla_manifest.php # validate/check_language_structure.php # validate/check_license_headers.php # validate/check_no_secrets.php # validate/check_paths.php # validate/check_php_syntax.php # validate/check_repo_health.php # validate/check_structure.php # validate/check_tabs.php # validate/check_version_consistency.php # validate/check_wiki_health.php # validate/check_xml_wellformed.php # validate/index.md # validate/scan_drift.php # wrappers/auto_detect_platform.php # wrappers/bulk_sync.php # wrappers/check_changelog.php # wrappers/check_dolibarr_module.php # wrappers/check_enterprise_readiness.php # wrappers/check_joomla_manifest.php # wrappers/check_language_structure.php # wrappers/check_license_headers.php # wrappers/check_no_secrets.php # wrappers/check_paths.php # wrappers/check_php_syntax.php # wrappers/check_repo_health.php # wrappers/check_structure.php # wrappers/check_tabs.php # wrappers/check_version_consistency.php # wrappers/check_xml_wellformed.php # wrappers/deploy_sftp.php # wrappers/fix_line_endings.php # wrappers/fix_permissions.php # wrappers/fix_tabs.php # wrappers/fix_trailing_spaces.php # wrappers/gen_wrappers.php # wrappers/index.md # wrappers/pin_action_shas.php # wrappers/plugin_health_check.php # wrappers/plugin_list.php # wrappers/plugin_metrics.php # wrappers/plugin_readiness.php # wrappers/plugin_validate.php # wrappers/scan_drift.php # wrappers/setup_labels.php # wrappers/sync_dolibarr_readmes.php # wrappers/update_sha_hashes.php # wrappers/update_version_from_readme.php
464 lines
14 KiB
PHP
464 lines
14 KiB
PHP
#!/usr/bin/env php
|
|
<?php
|
|
|
|
/**
|
|
* Copyright (C) 2026 Moko Consulting <hello@mokoconsulting.tech>
|
|
*
|
|
* This file is part of a Moko Consulting project.
|
|
*
|
|
* SPDX-License-Identifier: GPL-3.0-or-later
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* FILE INFORMATION
|
|
<<<<<<< HEAD
|
|
* DEFGROUP: MokoCLI.Enterprise.CLI
|
|
* INGROUP: MokoCLI.Enterprise
|
|
* REPO: https://git.mokoconsulting.tech/MokoConsulting/mokocli
|
|
=======
|
|
* DEFGROUP: MokoPlatform.Enterprise.CLI
|
|
* INGROUP: MokoPlatform.Enterprise
|
|
* REPO: https://git.mokoconsulting.tech/MokoConsulting/mokoplatform
|
|
>>>>>>> main
|
|
* PATH: /cli/audit_query.php
|
|
* BRIEF: Search, filter, and export audit logs
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
require_once __DIR__ . '/../lib/Enterprise/CliFramework.php';
|
|
|
|
use MokoCli\CliFramework;
|
|
|
|
/**
|
|
* CLI tool to search, filter, and export audit logs.
|
|
*
|
|
* Reads JSONL audit log files from var/logs/audit/ and provides
|
|
* filtering by service, user, event type, level, and date range.
|
|
*
|
|
* @since 09.01.00
|
|
*/
|
|
class AuditQueryCli extends CliFramework
|
|
{
|
|
protected function configure(): void
|
|
{
|
|
$this->setDescription('Search, filter, and export audit logs');
|
|
$this->addArgument('--path', 'Repository root (for var/logs/audit/)', '.');
|
|
$this->addArgument('--log-dir', 'Custom log directory', '');
|
|
$this->addArgument('--service', 'Filter by service name', '');
|
|
$this->addArgument('--user', 'Filter by user', '');
|
|
$this->addArgument('--event', 'Filter by event type', '');
|
|
$this->addArgument('--level', 'Filter by log level (info/warning/error)', '');
|
|
$this->addArgument('--since', 'Show entries since date (YYYY-MM-DD)', '');
|
|
$this->addArgument('--until', 'Show entries until date (YYYY-MM-DD)', '');
|
|
$this->addArgument('--limit', 'Max entries to show', '50');
|
|
$this->addArgument('--format', 'Output format: table, json, jsonl', 'table');
|
|
$this->addArgument('--tail', 'Show last N entries (like tail)', false);
|
|
$this->addArgument('--stats', 'Show summary statistics instead of entries', false);
|
|
}
|
|
|
|
protected function run(): int
|
|
{
|
|
$logDir = $this->resolveLogDir();
|
|
|
|
if ($logDir === null) {
|
|
return self::EXIT_NOT_FOUND;
|
|
}
|
|
|
|
$files = $this->findLogFiles($logDir);
|
|
|
|
if (empty($files)) {
|
|
$this->log('WARNING', 'No audit log files found in ' . $logDir);
|
|
return self::EXIT_SUCCESS;
|
|
}
|
|
|
|
$this->log('DEBUG', sprintf('Found %d log file(s) in %s', count($files), $logDir));
|
|
|
|
$entries = $this->loadEntries($files);
|
|
$entries = $this->filterEntries($entries);
|
|
|
|
// Sort by timestamp descending (newest first).
|
|
usort($entries, static function (array $a, array $b): int {
|
|
return ($b['timestamp'] ?? '') <=> ($a['timestamp'] ?? '');
|
|
});
|
|
|
|
// Stats mode — show aggregated counts.
|
|
if ($this->getArgument('--stats')) {
|
|
return $this->showStats($entries);
|
|
}
|
|
|
|
// Apply limit.
|
|
$limit = (int) $this->getArgument('--limit', '50');
|
|
if ($limit > 0 && count($entries) > $limit) {
|
|
$entries = array_slice($entries, 0, $limit);
|
|
}
|
|
|
|
if (empty($entries)) {
|
|
$this->log('INFO', 'No entries match the given filters.');
|
|
return self::EXIT_SUCCESS;
|
|
}
|
|
|
|
return $this->outputEntries($entries);
|
|
}
|
|
|
|
/**
|
|
* Resolve the audit log directory path.
|
|
*
|
|
* @return string|null Resolved directory path or null if not found.
|
|
*/
|
|
private function resolveLogDir(): ?string
|
|
{
|
|
$customDir = $this->getArgument('--log-dir');
|
|
|
|
if ($customDir !== '' && $customDir !== null) {
|
|
$logDir = (string) $customDir;
|
|
} else {
|
|
$repoPath = (string) $this->getArgument('--path', '.');
|
|
$logDir = rtrim($repoPath, '/\\') . '/var/logs/audit';
|
|
}
|
|
|
|
if (!is_dir($logDir)) {
|
|
$this->log('ERROR', 'Audit log directory not found: ' . $logDir);
|
|
return null;
|
|
}
|
|
|
|
return $logDir;
|
|
}
|
|
|
|
/**
|
|
* Find audit log files matching date range filter.
|
|
*
|
|
* @param string $logDir Path to audit log directory.
|
|
* @return string[] Array of file paths sorted by name.
|
|
*/
|
|
private function findLogFiles(string $logDir): array
|
|
{
|
|
$pattern = $logDir . '/audit_*.jsonl';
|
|
$allFiles = glob($pattern) ?: [];
|
|
|
|
$serviceFilter = (string) $this->getArgument('--service');
|
|
$sinceDate = (string) $this->getArgument('--since');
|
|
$untilDate = (string) $this->getArgument('--until');
|
|
|
|
$filtered = [];
|
|
|
|
foreach ($allFiles as $file) {
|
|
$basename = basename($file);
|
|
|
|
// Parse service and date from filename: audit_<service>_<YYYYMMDD>.jsonl
|
|
if (!preg_match('/^audit_(.+)_(\d{8})\.jsonl$/', $basename, $matches)) {
|
|
continue;
|
|
}
|
|
|
|
$fileService = $matches[1];
|
|
$fileDate = $matches[2];
|
|
|
|
// Filter by service name from filename (efficient pre-filter).
|
|
if ($serviceFilter !== '' && $fileService !== $serviceFilter) {
|
|
continue;
|
|
}
|
|
|
|
// Filter by date range from filename (efficient pre-filter).
|
|
if ($sinceDate !== '') {
|
|
$sinceCompact = str_replace('-', '', $sinceDate);
|
|
if ($fileDate < $sinceCompact) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
if ($untilDate !== '') {
|
|
$untilCompact = str_replace('-', '', $untilDate);
|
|
if ($fileDate > $untilCompact) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
$filtered[] = $file;
|
|
}
|
|
|
|
sort($filtered);
|
|
|
|
return $filtered;
|
|
}
|
|
|
|
/**
|
|
* Load and parse JSONL entries from log files.
|
|
*
|
|
* @param string[] $files Array of file paths.
|
|
* @return array<int, array<string, mixed>> Parsed entries.
|
|
*/
|
|
private function loadEntries(array $files): array
|
|
{
|
|
$entries = [];
|
|
$lineCount = 0;
|
|
|
|
foreach ($files as $file) {
|
|
$handle = fopen($file, 'r');
|
|
if ($handle === false) {
|
|
$this->log('WARNING', 'Cannot open file: ' . $file);
|
|
continue;
|
|
}
|
|
|
|
while (($line = fgets($handle)) !== false) {
|
|
$line = trim($line);
|
|
if ($line === '') {
|
|
continue;
|
|
}
|
|
|
|
$entry = json_decode($line, true);
|
|
if (!is_array($entry)) {
|
|
$lineCount++;
|
|
continue;
|
|
}
|
|
|
|
$entries[] = $entry;
|
|
$lineCount++;
|
|
}
|
|
|
|
fclose($handle);
|
|
}
|
|
|
|
$this->log('DEBUG', sprintf('Parsed %d entries from %d lines', count($entries), $lineCount));
|
|
|
|
return $entries;
|
|
}
|
|
|
|
/**
|
|
* Apply user/event/level/date filters to entries.
|
|
*
|
|
* @param array<int, array<string, mixed>> $entries Raw entries.
|
|
* @return array<int, array<string, mixed>> Filtered entries.
|
|
*/
|
|
private function filterEntries(array $entries): array
|
|
{
|
|
$userFilter = (string) $this->getArgument('--user');
|
|
$eventFilter = (string) $this->getArgument('--event');
|
|
$levelFilter = (string) $this->getArgument('--level');
|
|
$serviceFilter = (string) $this->getArgument('--service');
|
|
$sinceDate = (string) $this->getArgument('--since');
|
|
$untilDate = (string) $this->getArgument('--until');
|
|
|
|
$filtered = [];
|
|
|
|
foreach ($entries as $entry) {
|
|
// Filter by service (in case filename pre-filter was not exact).
|
|
if ($serviceFilter !== '' && ($entry['service'] ?? '') !== $serviceFilter) {
|
|
continue;
|
|
}
|
|
|
|
// Filter by user.
|
|
if ($userFilter !== '' && ($entry['user'] ?? '') !== $userFilter) {
|
|
continue;
|
|
}
|
|
|
|
// Filter by event type (matches event_type or event_subtype).
|
|
if ($eventFilter !== '') {
|
|
$eventType = $entry['event_type'] ?? '';
|
|
$eventSubtype = $entry['event_subtype'] ?? '';
|
|
if ($eventType !== $eventFilter && $eventSubtype !== $eventFilter) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
// Filter by level.
|
|
if ($levelFilter !== '' && ($entry['level'] ?? '') !== $levelFilter) {
|
|
continue;
|
|
}
|
|
|
|
// Filter by timestamp (precise, within-file filtering).
|
|
$timestamp = $entry['timestamp'] ?? '';
|
|
if ($timestamp !== '' && $sinceDate !== '') {
|
|
$entryDate = substr($timestamp, 0, 10); // YYYY-MM-DD from ISO 8601
|
|
if ($entryDate < $sinceDate) {
|
|
continue;
|
|
}
|
|
}
|
|
if ($timestamp !== '' && $untilDate !== '') {
|
|
$entryDate = substr($timestamp, 0, 10);
|
|
if ($entryDate > $untilDate) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
$filtered[] = $entry;
|
|
}
|
|
|
|
return $filtered;
|
|
}
|
|
|
|
/**
|
|
* Output entries in the requested format.
|
|
*
|
|
* @param array<int, array<string, mixed>> $entries Filtered entries.
|
|
* @return int Exit code.
|
|
*/
|
|
private function outputEntries(array $entries): int
|
|
{
|
|
$format = (string) $this->getArgument('--format', 'table');
|
|
|
|
$this->section('Audit Log Results');
|
|
$this->log('INFO', sprintf('Showing %d entries', count($entries)));
|
|
|
|
switch ($format) {
|
|
case 'json':
|
|
echo json_encode($entries, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n";
|
|
break;
|
|
|
|
case 'jsonl':
|
|
foreach ($entries as $entry) {
|
|
echo json_encode($entry, JSON_UNESCAPED_SLASHES) . "\n";
|
|
}
|
|
break;
|
|
|
|
case 'table':
|
|
default:
|
|
$this->renderTable($entries);
|
|
break;
|
|
}
|
|
|
|
return self::EXIT_SUCCESS;
|
|
}
|
|
|
|
/**
|
|
* Render entries as a formatted table.
|
|
*
|
|
* @param array<int, array<string, mixed>> $entries Entries to display.
|
|
*/
|
|
private function renderTable(array $entries): void
|
|
{
|
|
$headers = ['Time', 'Service', 'User', 'Event', 'Message'];
|
|
$rows = [];
|
|
|
|
foreach ($entries as $entry) {
|
|
$timestamp = $entry['timestamp'] ?? '';
|
|
// Shorten timestamp to YYYY-MM-DD HH:MM:SS.
|
|
if (strlen($timestamp) >= 19) {
|
|
$time = substr($timestamp, 0, 19);
|
|
$time = str_replace('T', ' ', $time);
|
|
} else {
|
|
$time = $timestamp;
|
|
}
|
|
|
|
$service = $entry['service'] ?? '';
|
|
$user = $entry['user'] ?? '';
|
|
|
|
// Build event string from event_type + event_subtype.
|
|
$eventParts = [];
|
|
if (!empty($entry['event_type'])) {
|
|
$eventParts[] = $entry['event_type'];
|
|
}
|
|
if (!empty($entry['event_subtype'])) {
|
|
$eventParts[] = $entry['event_subtype'];
|
|
}
|
|
$event = implode('/', $eventParts);
|
|
|
|
// Build message from message field or data summary.
|
|
$message = $entry['message'] ?? '';
|
|
if ($message === '' && !empty($entry['data']) && is_array($entry['data'])) {
|
|
$dataParts = [];
|
|
foreach ($entry['data'] as $key => $value) {
|
|
if (is_scalar($value)) {
|
|
$dataParts[] = "{$key}={$value}";
|
|
}
|
|
}
|
|
$message = implode(', ', array_slice($dataParts, 0, 3));
|
|
if (count($dataParts) > 3) {
|
|
$message .= '...';
|
|
}
|
|
}
|
|
|
|
// Truncate long messages.
|
|
if (strlen($message) > 60) {
|
|
$message = substr($message, 0, 57) . '...';
|
|
}
|
|
|
|
$rows[] = [$time, $service, $user, $event, $message];
|
|
}
|
|
|
|
$this->table($headers, $rows);
|
|
}
|
|
|
|
/**
|
|
* Show aggregate statistics from filtered entries.
|
|
*
|
|
* @param array<int, array<string, mixed>> $entries Filtered entries.
|
|
* @return int Exit code.
|
|
*/
|
|
private function showStats(array $entries): int
|
|
{
|
|
$this->section('Audit Log Statistics');
|
|
|
|
$total = count($entries);
|
|
if ($total === 0) {
|
|
$this->log('INFO', 'No entries match the given filters.');
|
|
return self::EXIT_SUCCESS;
|
|
}
|
|
|
|
// Aggregate counts.
|
|
$byService = [];
|
|
$byUser = [];
|
|
$byEventType = [];
|
|
$byLevel = [];
|
|
|
|
foreach ($entries as $entry) {
|
|
$service = $entry['service'] ?? 'unknown';
|
|
$user = $entry['user'] ?? 'unknown';
|
|
$eventType = $entry['event_type'] ?? 'unknown';
|
|
$level = $entry['level'] ?? '-';
|
|
|
|
$byService[$service] = ($byService[$service] ?? 0) + 1;
|
|
$byUser[$user] = ($byUser[$user] ?? 0) + 1;
|
|
$byEventType[$eventType] = ($byEventType[$eventType] ?? 0) + 1;
|
|
$byLevel[$level] = ($byLevel[$level] ?? 0) + 1;
|
|
}
|
|
|
|
arsort($byService);
|
|
arsort($byUser);
|
|
arsort($byEventType);
|
|
arsort($byLevel);
|
|
|
|
// Build summary rows.
|
|
$rows = ['Total entries' => $total];
|
|
|
|
// Top services.
|
|
$i = 0;
|
|
foreach ($byService as $name => $count) {
|
|
if ($i >= 5) {
|
|
break;
|
|
}
|
|
$rows["Service: {$name}"] = $count;
|
|
$i++;
|
|
}
|
|
|
|
// Top users.
|
|
$i = 0;
|
|
foreach ($byUser as $name => $count) {
|
|
if ($i >= 5) {
|
|
break;
|
|
}
|
|
$rows["User: {$name}"] = $count;
|
|
$i++;
|
|
}
|
|
|
|
// Event types.
|
|
foreach ($byEventType as $name => $count) {
|
|
$rows["Event: {$name}"] = $count;
|
|
}
|
|
|
|
// Levels.
|
|
foreach ($byLevel as $name => $count) {
|
|
$rows["Level: {$name}"] = $count;
|
|
}
|
|
|
|
$this->printSummaryBox($rows);
|
|
|
|
return self::EXIT_SUCCESS;
|
|
}
|
|
}
|
|
|
|
$app = new AuditQueryCli();
|
|
exit($app->execute());
|