anyone know how to makes a secure audit log that will trace downloads
I’m not really sure what you’re looking for. Don’t the apache guys have something that logs all server actions?
There are a large number of ways to do a log of anything.
You can just post a text file to a protected or hidden folder. This is not as secure as a database. Easy to do. Individual text records are easy to delete and view. But, it does create clutter.
You can use the server’s own record system. This is easy if you own the system and are the server administrator. There are various ways to access these logs. But, I find it harder to follow these and since your programs have a way to send the download, you may find it much easier to just use your own system.
You can store records in a database table and purge them as they expire. Nowadays databases are easy to use and simple. I use this manner to log changes by users. You must have code in place already where the download is started and completed. Just add a record to your “logs” database. I added several fields that may be over-kill, but, comes in handy when problems occur. I add user-ID/User-Name, IP where download was sent to, timestamp of download and details of the transaction. The more data the better as you may need to use it as an audit trail in the future. Lastly, every time someone downloads, I run a quick query and purge ones that have expired. Expiration is important. Otherwise you fill up your storage system. Some records much be kept forever, such as userid’s and passwords. But, logs usually expire in a year or two. Depends on why you want to keep the records.
Well, there are some general ideas for you. Good luck…