Thank you Mark for the information. This is very useful but unfortunately it doesn't give all the details that are needed for my use case. I am looking for specifically details like client ip where the rpc is originated from, user who issued the rpc, client certificate to read commonName, etc.
on mtls(other cases work), audit logging api is hitting a GPR_ASSERT, any idea what could be missing ? [audit_logging.cc:57] ASSERTION FAILED: registry->logger_factories_map_.emplace(name, std::move(factory)).second Once again thank you for all your input, I really appreciate it. On Monday, January 27, 2025 at 12:02:44 PM UTC-8 Mark D. Roth wrote: > There is an experimental audit logging API you can use for this. See gRFC > A59 <https://github.com/grpc/proposal/blob/master/A59-audit-logging.md> > for details. The actual exposed C++ API for you to use is here > <https://github.com/grpc/grpc/blob/master/include/grpcpp/security/audit_logging.h> > . > > On Wednesday, January 15, 2025 at 3:07:26 PM UTC-8 Rameshreddy Mudhireddy > wrote: > >> Hi Dev team, >> >> Is there a way to log policy based authorization failures using grpc-c++ >> libs. >> Typical flow includes >> >> std::shared_ptr<grpc::experimental::AuthorizationPolicyProviderInterface> >> provider = >> grpc::experimental::FileWatcherAuthorizationPolicyProvider::Create(policyFile, >> >> 10, &status) >> builder.experimental().SetAuthorizationPolicyProvider(provider); >> >> This will load the policy file and authorize the incoming rpc requests. >> Are there any hooks available to interact with the policy engine to log the >> denied rpcs requests? >> >> Appreciate your feedback, Thank you. >> > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/grpc-io/8e0d0f81-6efd-43c5-9bea-41ce2a8db489n%40googlegroups.com.
