Lowe’s Auditor – The Complete Guide to Lowe’s JVM Audit framework

An audit log is essentially a document that tracks and captures any changes happening to underlying systems. A good auditing framework ensures that all changes are versioned, captured, maintained, and search enabled as per the business and legal requirements. Most companies use java applications to perform auditing.

Why Auditing Functionality is Important in JVM Apps?
Auditing is generally a cross-cutting concern for numerous applications that support business or legal processes and workflows. There are some solutions available for this concern, such as Javers, Audit4J, Log4j Audit, etc. that provide auditing functionality for various java applications. Many of these applications focus on capturing and storing the audit information in a filesystem or database directly.

While this may be desirable in most cases, it tends to become a challenge when microservices need to cater to high requests throughput. Some other obstacles may also arise when aggregating audit information collected from hundreds of microservices. In such a scenario, companies need to decouple audits from their business flows while ensuring consistency and performance is not compromised. The Auditor is one such attempt that addresses this issue. It offers a client library, a spring boot starter library and an app server that captures audit events across all the distributed applications.

Lowe’s Auditor – Making Auditing a Breeze for Engineers
Lowe’s Auditor, developed by Lowe’s India team is an easy-to-use open-source auditing application that is based on Java Virtual Machine. This JVM Auditor makes the auditing process easy and convenient which increases operational efficiency and aids compliance-related functions. It has been created as an open-source framework to assist other engineers and professionals using Java/JVM. Here are some of the main features of Lowe’s Auditor:

  • Asynchronous – Auditing occurs asynchronously on a different thread pool with retries to ensure eventual consistency is maintained.
  • Efficient – Lowe’s Auditor embedded within an application uses a project reactor behind the scenes to efficiently use the system’s hardware.
  • Performant – Lowe’s Auditor utilizes Jackson-afterburner for fulfilling serialization needs, making it both fast and performant.
  • Scalable – Lowe’s Auditor leverages Kafka as an event streaming platform. Thus, the engineers can benefit from the innate scalability feature of Kafka.
  • Configurable – Lowe’s Auditor is highly configurable and capable of meeting various applications’ custom requirements ranging from filtering, logging, and decorating audit events such as static data and dynamic templating. Therefore, it can support both startup and runtime/dynamic configurations.
  • Pluggable – The auditor’s client library can be easily integrated with any JVM application. The client library provides simple one-liner APIs for smooth and seamless integration. It also offers integration with standalone or spring boot starter module. The spring boot starter client library is built for applications that use the spring boot framework with the added benefit of a pre-initialized auditor instance.

The audit enables businesses to have a better and clear understanding of their current business workflows and track history in case of conflicts. And with auditing functions embedded in the applications used for analyzing business functions, management can find possible pathways toward future success. Lowe’s Auditor aims at solving this pain point. It has been designed and developed to enhance the computational efficiency of distributed microservices and at the same time increase the operational efficiency of engineers and enterprises while capturing audits. You can learn more about Lowe’s Auditor on GitHub https://github.com/lowes/auditor.