Rocket.Chat.Audit is an application and library to inspect and record all Rocket.Chat communications as required by your Compliance Department.
Out of the box, this application writes all audit logs to MongoDB. It is expected that a batch process will regularly import them into downstream auditing systems.
Rocket.Chat supports a "Keep Message History" setting but it loses the intermediate timestamps for all edits, which doesn't meet most compliance requirements.
If you need real-time journaling or have other audit requirements, it should be quite simple to fork and build on this framework. Patches are welcome. :)
Rocket.Chat.Audit operates by tailing the oplog, intercepting new and updated messages as well as File Uploads, and logging them to a separate audit mongodb database.
You can control how the oplog is tailed with the following common parameters:
Name | Flag | Option | Description |
---|---|---|---|
Host Name | -H |
--host |
MongoDB hostname or URI; defaults to localhost |
An ansible deployer is in included for Ubuntu 14.04. The steps will be similar for other distributions.
-
Convert your Rocket.Chat MongoDB from a standalone [to a replica set] (https://docs.mongodb.org/manual/tutorial/convert-standalone-to-replica-set/).
-
Configure your Rocket.Chat instance to store File Uploads on the File System.
-
Disable "Keep Message History" in Rocket.Chat to avoid edited messages appearing in your audit logs multiple times.
Prior to install, its best to figure out a few things. The installation itself is opinionated
out of the box but can configured however you want. The can all be configured in
deploy/config.yml
-
What user does Rocket.Chat run as? (
user
andgroup
) -
Where does Rocket.Chat store File Uploads? (
file_store
) -
Where do you want the audit logs stored? (
audit_dir
) -
Where do you want the audit file archive stored? This could take a lot of space! (
file_archive
)
-
Add your host names in
inventory
for your different environments. -
Update the
remote_user
inconfig.yaml
to SSH as this user. -
Make sure you have a public key on each host in your inventory for
remote_user
. -
Customize
config.yaml
for your installation. Options should be intuitive. -
To deploy to a specific environment
env
, runansible-playbook -i inventory deploy.yaml -e env=development
Ansible installs Rocket.Chat.Audit as a service named rocketchat.audit
.
You can start, stop, or check that status with
sudo service rocketchat.audit start
sudo service rocketchat.audit stop
sudo service rocketchat.audit status
Rocket.Chat.Audit is available under the Apache License, Version 2.0.
Copyright 2016 Peak6 Investments, L.P.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.