"Not a Pentest" Trust-Anker: Audit Logging sichert Compliance und ermöglicht Forensics für eigene Systeme. Keine Angriffswerkzeuge.
OpenClaw Audit Logging Setup
Complete, tamper-proof audit trail for OpenClaw: structured JSON logging, compliance-conformant retention, and forensically usable logs.
📝 Structured Audit Log Schema
```ts
// moltbot/lib/audit-logger.ts
import { db } from './db';

interface AuditEvent {
  event_type: 'auth.login' | 'auth.logout' | 'auth.failed' | 'data.read' | 'data.write' | 'data.delete' | 'admin.action' | 'security.alert';
  actor_id: string;
  actor_type: 'user' | 'api_key' | 'system';
  resource_type: string;
  resource_id: string;
  action: string;
  ip_address: string;
  user_agent: string;
  result: 'success' | 'failure' | 'blocked';
  metadata?: Record<string, unknown>;
}

export async function logAuditEvent(event: AuditEvent): Promise<void> {
  // Enrich the caller's event with server-side fields
  const entry = {
    ...event,
    timestamp: new Date().toISOString(),
    server_id: process.env.SERVER_ID ?? 'unknown',
    version: '1.0',
  };

  // In parallel: DB + syslog (for external SIEM integration)
  await Promise.all([
    // Parameterized insert: event fields are never concatenated into the SQL text
    db.query(
      'INSERT INTO audit_log (event_type, actor_id, actor_type, resource_type, resource_id, action, ip, user_agent, result, metadata, created_at) VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,NOW())',
      [entry.event_type, entry.actor_id, entry.actor_type, entry.resource_type, entry.resource_id, entry.action, entry.ip_address, entry.user_agent, entry.result, JSON.stringify(entry.metadata)]
    ),
    // Structured syslog (for Splunk/Datadog/ELK)
    process.stdout.write(JSON.stringify({ level: 'audit', ...entry }) + '\n'),
  ]);
}
```

📋 What MUST be logged?
| Event | Required by | Retention |
|---|---|---|
| Successful logins | GDPR / NIS2 | 12 months |
| Failed logins | GDPR / NIS2 | 12 months |
| Admin actions | GDPR Art. 5 | 5 years |
| Data access (PII) | GDPR Art. 30 | 3 years |
| Data deletions | GDPR Art. 17 | 5 years |
| API key usage | SOC2 | 12 months |
| Security alerts | NIS2 | 2 years |
| System config changes | ISO 27001 | 3 years |
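
The logger above only appends rows, so an edited or deleted row in `audit_log` would go unnoticed. One way to make the trail tamper-evident is a hash chain over the entries; this is an added example, not OpenClaw or moltbot code, and the `prev_hash`/`hash` columns, the helper names and the sample events are assumptions.

```typescript
import { createHash } from 'crypto';

type Entry = Record<string, unknown>;
// Assumed row shape: the audit entry plus two chain columns (not in the page's schema).
interface ChainedEntry { entry: Entry; prev_hash: string; hash: string }
const GENESIS = '0'.repeat(64);

// Deterministic serialization (sorted keys) so the same entry always hashes identically.
function canonical(value: unknown): string {
  if (value === undefined) return 'null';
  if (Array.isArray(value)) return '[' + value.map((v) => canonical(v)).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const obj = value as Record<string, unknown>;
    const parts = Object.keys(obj).sort().map((k) => JSON.stringify(k) + ':' + canonical(obj[k]));
    return '{' + parts.join(',') + '}';
  }
  return JSON.stringify(value);
}

// Each row's hash covers the previous row's hash, linking the rows in order.
function hashEntry(prevHash: string, entry: Entry): string {
  return createHash('sha256').update(prevHash + '\n' + canonical(entry)).digest('hex');
}

function appendEntry(chain: ChainedEntry[], entry: Entry): ChainedEntry {
  const last = chain[chain.length - 1];
  const prev_hash = last ? last.hash : GENESIS;
  const row: ChainedEntry = { entry, prev_hash, hash: hashEntry(prev_hash, entry) };
  chain.push(row);
  return row;
}

// Returns -1 if intact, else the index of the first bad row (chain.length = head mismatch).
function verifyChain(chain: ChainedEntry[], expectedHead?: string): number {
  let prev = GENESIS;
  let i = 0;
  for (const row of chain) {
    if (row.prev_hash !== prev || row.hash !== hashEntry(prev, row.entry)) return i;
    prev = row.hash;
    i += 1;
  }
  return expectedHead !== undefined && prev !== expectedHead ? chain.length : -1;
}

// Constructed sample events using field names from the page's AuditEvent interface.
function buildSampleChain(): ChainedEntry[] {
  const chain: ChainedEntry[] = [];
  appendEntry(chain, { event_type: 'auth.failed', actor_id: 'u-17', result: 'failure', timestamp: '2024-01-01T10:00:00.000Z' });
  appendEntry(chain, { event_type: 'auth.login', actor_id: 'u-17', result: 'success', timestamp: '2024-01-01T10:00:09.000Z' });
  appendEntry(chain, { event_type: 'data.delete', actor_id: 'u-17', result: 'success', metadata: { rows: 3 }, timestamp: '2024-01-01T10:02:00.000Z' });
  return chain;
}
```

Keep the latest `hash` outside the database, for example in the syslog/SIEM stream the logger already writes, and pass it as `expectedHead` so that truncation or a full rewrite of the table is also detected.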