AuditLog as a Service

AuditLog is "Audit Trails -as-a-Service" for your customers. For folks running SaaS and similar products, rich, customer-accessible audit logs are one of those topics that keep coming up, but tend to end up back on the backlog behind features that will help customers build more revenue. Or we put somethign together in an afternoon that sort-of meets the need and makes us wince every time we show it to someone.

Need to start checking those boxes on Enterprise compliance docs? Or provide more transparency to customers? Or just replace that thing that makes you wince without spending a couple weeks to get there?

Drop-in component for your customers

AuditLog takes a bunch of the work off your plate and offers features (and ongoing support) that help scrappy groups self-support and compliance-minded folks check off boxes.

1. Send events to the well-documented API

2. Add a few lines of code to an empty, authenticated page on your site:

    <div id="audit-log"></div>
    <script src="https://app.auditlog.co/dropin/dropin.js"></script>
    <script>
        auditLog({
            view: '{your-view-id}',
            accessKey: '{your-view-access-key}',
            clientId: '{your-client-id}',
            target: 'audit-log',
            host: 'https://app.auditlog.co'
        });
    </script>

3. Get back to revenue generation

In the meantime, the app has you covered on:

• Data retention
• GDPR privacy support
• Exports for security folks
• Data encryption at rest and transport
• and more...

AuditLog Marketing Site

Blog Posts

There are a few technology blog posts that I wrote while prototyping and building this service:

• ASP.Net Core 2 w/ Cosmos DB: Getting Started
• Custom Authentication in ASP.Net Core 2 w/ Cosmos DB
• Adding Twitter Authentication to an ASP.Net Core 2 site w/ Cosmos DB
• Adding User-Managed API Keys to ASP.Net Core 2 w/ Cosmos DB
• Filtered Swagger docs for ASP.Net Core 2.0

Some technology choices also leaned on findings from the LaunchReady application.

Technology

AuditLog is hosted in Azure and composed of the application and separate marketing site.

Application Technology

The application is hosted on Azure App Services with Application Insights wired in for traffic analysis, site monitoring, and visibility.

The backend uses ASP.Net Core on .Net Core and primarily uses Azure SQL Database for persistence. The AsyncPoco library is used for data persistence logic. Swashbuckle is used to produce Swagger API documentation for the public API, along with various other libraries for API versioning, password hashing, and similar security-related concerns.

The frontend uses KnockoutJS for view binding, Browserify for modules and bundling, D3.js for charting, SCSS for styling, and a few other odds and ends. The build process uses gulp and eslint.

The drop-in component uses a similar set of technologies as the frontend, but is built as a seperate component to reduce the payload size and run in an iframe.

Marketing Site

The marketing site is static generated via the metalsmith nodejs package, covered in this post: Creating a Static-Generated Marketing Site

The API documentation uses the Swagger JSON generated by the application to generate up to date public API documentation:

Detailed API Documents

Keeping the documentation up to date is transparent, handled by a customer metalsmith plugin that refreshes the content automatically from the Swagger and will soon support more language examples than the basic cUrl ones.

Continuous Delivery Pipeline

The delivery pipeline for the application is managed by TeamCity. The process includes automated blue/green deployment to Azure App Service, including automatically applying changes to the database and warming up new deployments. Current time from pushing a commit to master to running in production is currently ~5 minutes total for all steps.