Audit Logging

Overview

Silky's Silky.Http.Auditing package provides automatic audit logging for HTTP requests through the gateway. It captures request/response metadata, user identity, timing, and result codes — making it straightforward to track who did what and when.

Installation

<PackageReference Include="Silky.Http.Auditing" Version="3.9.2" />

Setup

Module

[DependsOn(
    typeof(HttpAuditingModule),
    typeof(GatewayHostModule)
)]
public class GatewayModule : SilkyModule { }

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddSilkyHttpCore()
            .AddAuditing();
}

public void Configure(IApplicationBuilder app)
{
    app.UseAuthentication();
    app.UseAuthorization();
    app.UseAuditing();     // place after authentication so user info is available
    app.UseSilkyRpcProxy();
}

Audit Log Content

Each audit log entry captures:

Field	Description
`UserId`	Authenticated user ID (from JWT claim)
`UserName`	User display name
`TenantId`	Tenant ID (multi-tenant scenarios)
`ClientIp`	Client IP address
`HttpMethod`	GET / POST / PUT / DELETE
`Url`	Request URL
`Parameters`	Serialized request body/query
`ExecutionTime`	Request start timestamp
`ExecutionDuration`	Duration in milliseconds
`HttpStatusCode`	HTTP response status code
`Exception`	Exception details if the request failed

Storing Audit Logs

Implement IAuditingStore to persist audit logs to your storage backend:

public class DatabaseAuditingStore : IAuditingStore, IScopedDependency
{
    private readonly IRepository<AuditLog> _repository;

    public DatabaseAuditingStore(IRepository<AuditLog> repository)
    {
        _repository = repository;
    }

    public async Task SaveAsync(AuditLogInfo auditLogInfo)
    {
        var log = new AuditLog
        {
            UserId       = auditLogInfo.UserId,
            UserName     = auditLogInfo.UserName,
            HttpMethod   = auditLogInfo.HttpMethod,
            Url          = auditLogInfo.Url,
            ClientIp     = auditLogInfo.ClientIp,
            Duration     = auditLogInfo.ExecutionDuration,
            StatusCode   = auditLogInfo.HttpStatusCode,
            CreatedAt    = auditLogInfo.ExecutionTime
        };
        await _repository.InsertAsync(log);
    }
}

Configuration

{
  "auditing": {
    "isEnabled": true,
    "isEnabledForAnonymousUsers": false,
    "isEnabledForGetRequests": false,
    "ignoredUrls": [
      "/health",
      "/swagger"
    ]
  }
}

Option	Default	Description
`isEnabled`	`true`	Enable/disable audit logging
`isEnabledForAnonymousUsers`	`false`	Log unauthenticated requests
`isEnabledForGetRequests`	`false`	Log read-only GET requests
`ignoredUrls`	`[]`	URL patterns excluded from auditing