~fkooman/vpn-server-api: allow configuring the log format for log entries to syslog, also allow logging originating client IP

3 files changed, 46 insertions(+), 4 deletions(-)

M CHANGES.md
M CONFIG_CHANGES.md
M src/Api/ConnectionsModule.php

M CHANGES.md => CHANGES.md +2 -1

@@ 1,7 1,8 @@
 # Changelog
 
 ## 2.2.12 (...)
-- also log "originating" client IP address
+- allow configuring the format of the log line written to syslog and also make
+  it possible to log the client's originating IP
 
 ## 2.2.11 (2021-07-13)
 - write connect/disconnect events to [syslog](https://github.com/eduvpn/documentation/blob/v2/LOGGING.md#syslog)

M CONFIG_CHANGES.md => CONFIG_CHANGES.md +9 -0

@@ 8,6 8,15 @@ This will help upgrades to a future 3.x release. Configuration changes during
 the 2.x life cycle are NOT required. Any existing configuration file will keep
 working!
 
+## 2.2.12
+
+- added `connectionLogFormat` configuration option that takes a `string`. You
+  can format the string you want to generate the log line in `syslog` you like 
+  for your particular situation. The default value is 
+  `{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]`. If 
+  you also want to log the client's originating IP address you can e.g. use 
+  `{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{ORIGINATING_IP}} => {{IP_FOUR}},{{IP_SIX}}]`.
+  
 ## 2.2.10
 
 - the `tlsProtection` configuration option was removed. It will always be

M src/Api/ConnectionsModule.php => src/Api/ConnectionsModule.php +35 -3

@@ 108,7 108,7 @@ class ConnectionsModule implements ServiceModuleInterface
         $connectedAt = InputValidation::connectedAt($request->requirePostParameter('connected_at'));
         $userId = $this->verifyConnection($profileId, $commonName);
         $this->storage->clientConnect($profileId, $commonName, $ip4, $ip6, new DateTime(sprintf('@%d', $connectedAt)));
-        $this->logger->info(sprintf('CONNECT %s (%s) [%s => %s,%s]', $userId, $profileId, $originatingIp, $ip4, $ip6));
+        $this->logger->info($this->logMessage('CONNECT', $userId, $profileId, $originatingIp, $ip4, $ip6));
     }
 
     /**


@@ 131,8 131,7 @@ class ConnectionsModule implements ServiceModuleInterface
         if (false !== $userCertInfo = $this->storage->getUserCertificateInfo($commonName)) {
             $userId = $userCertInfo['user_id'];
         }
-
-        $this->logger->info(sprintf('DISCONNECT %s (%s) [%s => %s,%s]', $userId, $profileId, $originatingIp, $ip4, $ip6));
+        $this->logger->info($this->logMessage('DISCONNECT', $userId, $profileId, $originatingIp, $ip4, $ip6));
     }
 
     /**


@@ 194,6 193,39 @@ class ConnectionsModule implements ServiceModuleInterface
     }
 
     /**
+     * @param string $eventType
+     * @param string $userId
+     * @param string $profileId
+     * @param string $originatingIp
+     * @param string $ipFour
+     * @param string $ipSix
+     *
+     * @return string
+     */
+    private function logMessage($eventType, $userId, $profileId, $originatingIp, $ipFour, $ipSix)
+    {
+        return str_replace(
+            [
+                '{{EVENT_TYPE}}',
+                '{{USER_ID}}',
+                '{{PROFILE_ID}}',
+                '{{ORIGINATING_IP}}',
+                '{{IP_FOUR}}',
+                '{{IP_SIX}}',
+            ],
+            [
+                $eventType,
+                $userId,
+                $profileId,
+                $originatingIp,
+                $ipFour,
+                $ipSix,
+            ],
+            $this->config->requireString('connectionLogFormat', '{{EVENT_TYPE}} {{USER_ID}} ({{PROFILE_ID}}) [{{IP_FOUR}},{{IP_SIX}}]')
+        );
+    }
+
+    /**
      * @return bool
      */
     private static function hasPermission(array $userPermissionList, array $aclPermissionList)