Audit Logging
In addition to this guide, you can also find a full, working example of a Builder Vault instance configured with audit logging in the audit-example folder in our demo repository.
An MPC node can be configured to do audit logging.
From a security perspective, it is important that the audit log is kept separate from the MPC node itself. Blockdaemon delivers an audit log service that can receive audit log messages from the MPC nodes in a Builder Vault instance. Each MPC node will offload its audit log entries to the audit log service. The Blockdaemon audit log service can be exchanged with any external service that accepts log entries in JSON format; Amazon S3 is also supported.
Even though every MPC operation produces audit log entries on multiple servers, it is quite easy for non-technical auditors to get a system-wide view of the audit log with one entry per (logical) operation.
The content of an audit log entry varies depending on the operation. Some fields, however, are common for all or at least most operations: timestamp, userID, operation.
Below is an example of an audit log view:
| Timestamp | UserID | Algorithm | Operation | KeyID | Parameters |
|---|---|---|---|---|---|
| 30/04/2020, 20:15:57 | Admin | | Create user | | userID=myUser |
| 01/05/2020, 21:21:57 | myUser | ECDSA | Keygen | ifyCwxrzzEaM3ePD40j6LtzQ7xo | |
| 01/05/2020, 21:22:29 | myUser | ECDSA | Sign | ifyCwxrzzEaM3ePD40j6LtzQ7xo | chainPath=[4,1,1,1,2] |
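
The following added example (not Blockdaemon's code, and not the audit log service's actual schema) shows how per-node JSON entries can be collapsed into one row per logical operation, and how an operation that some node did not log can be flagged. The JSON field names, the `node` field, the three-node setup and the 5-second matching window are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta

EXPECTED_NODES = {0, 1, 2}        # assumption: a three-node instance
WINDOW = timedelta(seconds=5)     # assumption: max skew between node entries
KEY_FIELDS = ("userID", "algorithm", "operation", "keyID", "parameters")

def _entry(node, ts, op, params=""):
    """Build one constructed JSON log line (field names are hypothetical)."""
    return json.dumps({"node": node, "timestamp": ts, "userID": "myUser",
                       "algorithm": "ECDSA", "operation": op,
                       "keyID": "ifyCwxrzzEaM3ePD40j6LtzQ7xo",
                       "parameters": params})

# Constructed sample: node 2 has no entry for the Sign operation.
SAMPLE_LINES = [
    _entry(0, "2020-05-01T21:21:57+00:00", "Keygen"),
    _entry(1, "2020-05-01T21:21:57+00:00", "Keygen"),
    _entry(2, "2020-05-01T21:21:58+00:00", "Keygen"),
    _entry(0, "2020-05-01T21:22:29+00:00", "Sign", "chainPath=[4,1,1,1,2]"),
    _entry(1, "2020-05-01T21:22:30+00:00", "Sign", "chainPath=[4,1,1,1,2]"),
]

def merge(lines, expected=EXPECTED_NODES, window=WINDOW):
    """Collapse per-node entries into one row per logical operation."""
    entries = [json.loads(line) for line in lines if line.strip()]
    for e in entries:
        e["ts"] = datetime.fromisoformat(e["timestamp"])
    entries.sort(key=lambda e: e["ts"])
    rows = []
    for e in entries:
        key = tuple(e.get(f, "") for f in KEY_FIELDS)
        # Join the latest matching row unless this node already reported it
        # (a repeat from the same node is a new logical operation).
        for row in reversed(rows):
            if (row["key"] == key and e["ts"] - row["first_seen"] <= window
                    and e["node"] not in row["nodes"]):
                row["nodes"].add(e["node"])
                break
        else:
            rows.append({"key": key, "first_seen": e["ts"], "nodes": {e["node"]}})
    for row in rows:
        # Nodes that should have logged this operation but did not.
        row["missing"] = sorted(expected - row["nodes"])
    return rows

if __name__ == "__main__":
    for r in merge(SAMPLE_LINES):
        print(r["first_seen"].isoformat(), r["key"][2], "missing:", r["missing"])
```

A non-empty `missing` list is worth investigating: it can mean a node's entries were dropped in transit or that its log was altered.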
