explainx.ainewsletter3.02k
Productivity

security-audit-logging

aj-geddes/useful-ai-prompts · updated Apr 8, 2026

$npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill security-audit-logging
0 commentsdiscussion
summary

Implement comprehensive audit logging for security events, user actions, and system changes with structured logging, retention policies, and SIEM integration.

skill.md

Security Audit Logging

Table of Contents

Overview

Implement comprehensive audit logging for security events, user actions, and system changes with structured logging, retention policies, and SIEM integration.

When to Use

  • Compliance requirements (SOC 2, HIPAA, PCI-DSS)
  • Security monitoring
  • Forensic investigations
  • User activity tracking
  • System change auditing
  • Breach detection

Quick Start

Minimal working example:

// audit-logger.js
const winston = require("winston");
const { ElasticsearchTransport } = require("winston-elasticsearch");

class AuditLogger {
  constructor() {
    this.logger = winston.createLogger({
      level: "info",
      format: winston.format.combine(
        winston.format.timestamp(),
        winston.format.json(),
      ),
      transports: [
        // File transport
        new winston.transports.File({
          filename: "logs/audit.log",
          maxsize: 10485760, // 10MB
          maxFiles: 30,
          tailable: true,
        }),

        // Elasticsearch transport for SIEM
        new ElasticsearchTransport({
          level: "info",
          clientOpts: {
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Guide Contents
Node.js Audit Logger Node.js Audit Logger
Python Audit Logging System Python Audit Logging System
Java Audit Logging Java Audit Logging

Best Practices

✅ DO

  • Log all security events
  • Use structured logging
  • Include timestamps (UTC)
  • Log user context
  • Implement log retention
  • Encrypt sensitive logs
  • Monitor log integrity
  • Send to SIEM
  • Include request IDs

❌ DON'T

  • Log passwords/secrets
  • Log sensitive PII unnecessarily
  • Skip failed attempts
  • Allow log tampering
  • Store logs insecurely
  • Ignore log analysis

Discussion

Product Hunt–style comments (not star reviews)
  • No comments yet — start the thread.
general reviews

Ratings

4.753 reviews
  • Nia Kapoor· Dec 24, 2024

    security-audit-logging is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Tariq Ghosh· Dec 24, 2024

    security-audit-logging has been reliable in day-to-day use. Documentation quality is above average for community skills.

  • Shikha Mishra· Dec 12, 2024

    security-audit-logging fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Sophia Wang· Dec 12, 2024

    Solid pick for teams standardizing on skills: security-audit-logging is focused, and the summary matches what you get after install.

  • Yuki Li· Dec 4, 2024

    Useful defaults in security-audit-logging — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Amina Lopez· Nov 27, 2024

    security-audit-logging reduced setup friction for our internal harness; good balance of opinion and flexibility.

  • Tariq Gupta· Nov 15, 2024

    Solid pick for teams standardizing on skills: security-audit-logging is focused, and the summary matches what you get after install.

  • Tariq Mehta· Nov 15, 2024

    Keeps context tight: security-audit-logging is the kind of skill you can hand to a new teammate without a long onboarding doc.

  • Rahul Santra· Nov 3, 2024

    Registry listing for security-audit-logging matched our evaluation — installs cleanly and behaves as described in the markdown.

  • Ren Gupta· Nov 3, 2024

    I recommend security-audit-logging for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

showing 1-10 of 53

1 / 6