django-log-formatter-asim 1.2.0a0__tar.gz → 1.3.0__tar.gz

{django_log_formatter_asim-1.2.0a0 → django_log_formatter_asim-1.3.0}/PKG-INFO

@@ -1,21 +1,21 @@
-Metadata-Version: 2.3
+Metadata-Version: 2.4
 Name: django-log-formatter-asim
-Version: 1.2.0a0
+Version: 1.3.0
 Summary: Formats Django logs in ASIM format.
 License: MIT
+License-File: LICENSE
 Author: Department for Business and Trade Platform Team
 Author-email: sre-team@digital.trade.gov.uk
-Requires-Python: >=3.9,<4
+Requires-Python: >=3.10,<4
 Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
-Requires-Dist: ddtrace (>=3.2.1,<4.0.0)
-Requires-Dist: django (>=3,<5) ; python_version == "3.9"
-Requires-Dist: django (>=3,<6) ; python_version >= "3.10" and python_version < "4"
+Classifier: Programming Language :: Python :: 3.14
+Requires-Dist: ddtrace (>=3.2.1,<5)
+Requires-Dist: django (>=4.2,<7)
 Requires-Dist: django-ipware (>=7.0.1,<8.0.0)
 Description-Content-Type: text/markdown
 
@@ -77,6 +77,101 @@ LOGGING = {
 In this example we assign the ASIM formatter to a `handler` and ensure both `root` and `django` loggers use this `handler`.
 We then set `propagate` to `False` on the `django` logger, to avoid duplicating logs at the root level.
 
+### Settings
+
+`DLFA_LOG_PERSONALLY_IDENTIFIABLE_INFORMATION` - the formatter checks this setting to see if personally identifiable information should be logged. If this is not set to true, only the user's id is logged.
+
+`DLFA_TRACE_HEADERS` - used for defining custom zipkin headers, the defaults is `("X-Amzn-Trace-Id")`, but for applications hosted in GOV.UK PaaS you should use `("X-B3-TraceId", "X-B3-SpanId")`. If you are running your application in both places side by side during migration, the following should work in your Django settings:
+
+```python
+from dbt_copilot_python.utility import is_copilot
+
+if is_copilot():
+   DLFA_TRACE_HEADERS = ("X-B3-TraceId", "X-B3-SpanId")
+```
+
+`DLFA_INCLUDE_RAW_LOG` - By default the original unformatted log is not included in the ASIM formatted log. You can enable that by setting this to `True` and it will be included in `AddidtionalFields.RawLog`.
+
+> [!WARNING]
+> Setting `DLFA_INCLUDE_RAW_LOG` to `True` will cause additional private fields to be output to your logs.
+> This could include secrets, such as AWS Access Keys, private HTTP Request data, or personally identifiable information.
+> This setting is not recommended for a production environment.
+
+### Serialisation behaviour
+
+The package provides one `logging.Formatter` class, `ASIMFormatter` which routes log messages to a serialiser
+which generates a python dict which the formatter converts to a JSON string and prints to standard output.
+
+It has a generic serialiser called `ASIMRootFormatter` and a custom serlializer for log messages where the
+logger is `django.request`.
+
+``` python
+    ASIM_FORMATTERS = {
+        "root": ASIMRootFormatter,
+        "django.request": ASIMRequestFormatter,
+    }
+```
+
+#### ASIMRootFormatter
+
+This serialiser outputs the following ASIM fields.
+
+- `EventSchema` = `ProcessEvent`
+- `ActingAppType` = `Django`
+- `AdditionalFields[DjangoLogFormatterAsimVersion]`
+- `EventSchemaVersion`
+- `EventMessage`
+- `EventCount`
+- `EventStartTime`
+- `EventEndTime`
+- `EventType`
+- `EventResult`
+- `EventSeverity`
+- `EventOriginalSeverity`
+
+Additionally, the following DataDog fields where available:
+
+- `dd.trace_id`
+- `dd.span_id`
+- `env`
+- `service`
+- `version`
+
+
+#### ASIMRequestFormatter
+
+This serialiser outputs the following ASIM fields in addition to the ones from ASIMRootFormatter.
+It is coupled to the datastructure provided by the `django.request` logger.
+The `django.request` logger only outputs requests where the response code is 4xx/5xx.
+
+- `SrcIpAddr` and `IpAddr`
+- `SrcPortNumber`
+- `SrcUserId` and `SrcUsername`
+- `HttpUserAgent`
+- `AdditionalFields["TraceHeaders"][trace_header_name]` - See `DLFA_TRACE_HEADERS` setting for more information.
+
+#### Creating a custom serialiser
+
+If you wish to create your own ASIM serialiser, you can inherit from `ASIMRootFormatter` and call
+`super().get_log_dict()` to get the base level logging data for augmentation:
+
+``` python
+    class MyASIMFormatter(ASIMRootFormatter):
+        def get_log_dict(self):
+            log_dict = super().get_log_dict()
+
+            # Customise logger event
+
+            return log_dict
+```
+
+This serialiser can then be added to `ASIM_FORMATTERS`...
+
+```python
+ASIM_FORMATTERS["my_logger"] = MyASIMFormatter
+```
+
+
 ### ASIM Events
 
 The events mostly follow the Microsoft schema but have been tailored to Department of Business and Trade needs.
@@ -127,48 +222,114 @@ log_authentication(
 }
 ```
 
-### Settings
+#### File Activity event
 
-`DLFA_LOG_PERSONALLY_IDENTIFIABLE_INFORMATION` - the formatter checks this setting to see if personally identifiable information should be logged. If this is not set to true, only the user's id is logged.
+Following the [ASIM File Event Schema](https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-file-event).
 
-`DLFA_TRACE_HEADERS` - used for defining custom zipkin headers, the defaults is `("X-Amzn-Trace-Id")`, but for applications hosted in GOV.UK PaaS you should use `("X-B3-TraceId", "X-B3-SpanId")`. If you are running your application in both places side by side during migration, the following should work in your Django settings:
+```python
+# Example usage
+from django_log_formatter_asim.events import log_file_activity
 
-`DLFA_INCLUDE_RAW_LOG` - By default the original unformatted log is not included in the ASIM formatted log. You can enable that by setting this to `True` and it will be included in `AddidtionalFields.RawLog`.
+log_file_activity(
+    request,
+    event=log_file_activity.Event.FileCopied,
+    result=log_file_activity.Result.Success,
+    file={
+        "path": "/tmp/copied.txt",
+        "content_type": "text/plain",
+        "extension": "txt",
+        "name": "copied.txt",
+        "sha256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+        "size": 14,
+    },
+    # source_file is only necessary if the event is one of FileRenamed, FileMoved, FileCopied, FolderMoved
+    source_file={
+        "path": "/tmp/original.txt",
+        "content_type": "text/plain",
+        "extension": "txt",
+        "name": "original.txt",
+        "sha256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+        "size": 14,
+    },
+)
 
-```python
-from dbt_copilot_python.utility import is_copilot
+# Example JSON printed to standard output
+{
+    # Values provided as arguments
+    "EventType": "FileCopied",
+    "EventResult": "Success",
 
-if is_copilot():
-   DLFA_TRACE_HEADERS = ("X-B3-TraceId", "X-B3-SpanId")
-```
+    "TargetFilePath": "/tmp/copied.txt",
+    "TargetFileName": "copied.txt",
+    "TargetFileExtension": "txt",
+    "TargetFileMimeType": "text/plain",
+    "TargetFileSHA256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+    "TargetFileSize": 14,
 
-### Formatter classes
+    "SrcFilePath": "/tmp/original.txt",
+    "SrcFileName": "original.txt",
+    "SrcFileExtension": "txt",
+    "SrcFileMimeType": "text/plain",
+    "SrcFileSHA256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+    "SrcFileSize": 14,
 
-``` python
-    ASIM_FORMATTERS = {
-        "root": ASIMSystemFormatter,
-        "django.request": ASIMRequestFormatter,
-    }
-```
+    # Calculated / Hard coded fields
+    "EventStartTime": "2025-07-30T11:05:09.406460+00:00",
+    "EventSchema": "FileEvent",
+    "EventSchemaVersion": "0.2.1",
+    "EventSeverity": "Informational",
 
-The default class for other loggers is:
+    # Taken from Django HttpRequest object
+    "HttpHost": "WebServer.local",
+    "SrcIpAddr": "192.168.1.101",
+    "TargetUrl": "https://WebServer.local/steel",
+    "TargetUsername": "Adrian"
 
-``` python
-    ASIMSystemFormatter
+    # Taken from DBT Platform environment variables
+    "TargetAppName": "export-analytics-frontend",
+}
 ```
 
-### Creating a custom `logging.Formatter`
+#### Account Management event
 
-If you wish to create your own ASIM formatter, you can inherit from ASIMSystemFormatter and call _get_event_base to get the base level logging data for use in augmentation:
+Following the [ASIM User Management Schema](https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-user-management).
 
-``` python
-    class ASIMSystemFormatter(ASIMFormatterBase):
-        def get_event(self):
-            logger_event = self._get_event_base()
 
-            # Customise logger event
+```python
+# Example usage
+from django_log_formatter_asim.events import log_account_management
+
+log_account_management(
+    request,
+    event=log_account_management.Event.UserCreated,
+    result=log_account_management.Result.Success,
+    account={
+        "username": "Roger",
+    },
+)
+
+# Example JSON printed to standard output
+{
+    # Values provided as arguments
+    "EventType": "UserCreated",
+    "EventResult": "Success",
+    "TargetUsername": "Roger",
 
-            return logger_event
+    # Calculated / Hard coded fields
+    "EventStartTime": "2025-07-30T11:05:09.406460+00:00",
+    "EventSchema": "UserManagement",
+    "EventSchemaVersion": "0.1.1",
+    "EventSeverity": "Informational",
+
+    # Taken from Django HttpRequest object
+    "HttpHost": "WebServer.local",
+    "SrcIpAddr": "192.168.1.101",
+    "TargetUrl": "https://WebServer.local/admin/create-user",
+    "ActorUsername": "Adrian"
+
+    # Taken from DBT Platform environment variables
+    "TargetAppName": "export-analytics-frontend",
+}
 ```
 
 ## Dependencies
@@ -203,6 +364,8 @@ Or, run `poetry run tox` in the root directory to run all tests for multiple Pyt
 
 ### Publishing
 
+Create a pull request to update the [CHANGELOG.md](./CHANGELOG.md) and also create a [create a release in GitHub](https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository#creating-a-release) for your new version.
+
 1. Acquire API token from [Passman](https://passman.ci.uktrade.digital/secret/cc82a3f7-ddfa-4312-ab56-1ff8528dadc8/).
    - Request access from the SRE team.
    - _Note: You will need access to the `platform` group in Passman._

{django_log_formatter_asim-1.2.0a0 → django_log_formatter_asim-1.3.0}/README.md

@@ -56,6 +56,101 @@ LOGGING = {
 In this example we assign the ASIM formatter to a `handler` and ensure both `root` and `django` loggers use this `handler`.
 We then set `propagate` to `False` on the `django` logger, to avoid duplicating logs at the root level.
 
+### Settings
+
+`DLFA_LOG_PERSONALLY_IDENTIFIABLE_INFORMATION` - the formatter checks this setting to see if personally identifiable information should be logged. If this is not set to true, only the user's id is logged.
+
+`DLFA_TRACE_HEADERS` - used for defining custom zipkin headers, the defaults is `("X-Amzn-Trace-Id")`, but for applications hosted in GOV.UK PaaS you should use `("X-B3-TraceId", "X-B3-SpanId")`. If you are running your application in both places side by side during migration, the following should work in your Django settings:
+
+```python
+from dbt_copilot_python.utility import is_copilot
+
+if is_copilot():
+   DLFA_TRACE_HEADERS = ("X-B3-TraceId", "X-B3-SpanId")
+```
+
+`DLFA_INCLUDE_RAW_LOG` - By default the original unformatted log is not included in the ASIM formatted log. You can enable that by setting this to `True` and it will be included in `AddidtionalFields.RawLog`.
+
+> [!WARNING]
+> Setting `DLFA_INCLUDE_RAW_LOG` to `True` will cause additional private fields to be output to your logs.
+> This could include secrets, such as AWS Access Keys, private HTTP Request data, or personally identifiable information.
+> This setting is not recommended for a production environment.
+
+### Serialisation behaviour
+
+The package provides one `logging.Formatter` class, `ASIMFormatter` which routes log messages to a serialiser
+which generates a python dict which the formatter converts to a JSON string and prints to standard output.
+
+It has a generic serialiser called `ASIMRootFormatter` and a custom serlializer for log messages where the
+logger is `django.request`.
+
+``` python
+    ASIM_FORMATTERS = {
+        "root": ASIMRootFormatter,
+        "django.request": ASIMRequestFormatter,
+    }
+```
+
+#### ASIMRootFormatter
+
+This serialiser outputs the following ASIM fields.
+
+- `EventSchema` = `ProcessEvent`
+- `ActingAppType` = `Django`
+- `AdditionalFields[DjangoLogFormatterAsimVersion]`
+- `EventSchemaVersion`
+- `EventMessage`
+- `EventCount`
+- `EventStartTime`
+- `EventEndTime`
+- `EventType`
+- `EventResult`
+- `EventSeverity`
+- `EventOriginalSeverity`
+
+Additionally, the following DataDog fields where available:
+
+- `dd.trace_id`
+- `dd.span_id`
+- `env`
+- `service`
+- `version`
+
+
+#### ASIMRequestFormatter
+
+This serialiser outputs the following ASIM fields in addition to the ones from ASIMRootFormatter.
+It is coupled to the datastructure provided by the `django.request` logger.
+The `django.request` logger only outputs requests where the response code is 4xx/5xx.
+
+- `SrcIpAddr` and `IpAddr`
+- `SrcPortNumber`
+- `SrcUserId` and `SrcUsername`
+- `HttpUserAgent`
+- `AdditionalFields["TraceHeaders"][trace_header_name]` - See `DLFA_TRACE_HEADERS` setting for more information.
+
+#### Creating a custom serialiser
+
+If you wish to create your own ASIM serialiser, you can inherit from `ASIMRootFormatter` and call
+`super().get_log_dict()` to get the base level logging data for augmentation:
+
+``` python
+    class MyASIMFormatter(ASIMRootFormatter):
+        def get_log_dict(self):
+            log_dict = super().get_log_dict()
+
+            # Customise logger event
+
+            return log_dict
+```
+
+This serialiser can then be added to `ASIM_FORMATTERS`...
+
+```python
+ASIM_FORMATTERS["my_logger"] = MyASIMFormatter
+```
+
+
 ### ASIM Events
 
 The events mostly follow the Microsoft schema but have been tailored to Department of Business and Trade needs.
@@ -106,48 +201,114 @@ log_authentication(
 }
 ```
 
-### Settings
+#### File Activity event
 
-`DLFA_LOG_PERSONALLY_IDENTIFIABLE_INFORMATION` - the formatter checks this setting to see if personally identifiable information should be logged. If this is not set to true, only the user's id is logged.
+Following the [ASIM File Event Schema](https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-file-event).
 
-`DLFA_TRACE_HEADERS` - used for defining custom zipkin headers, the defaults is `("X-Amzn-Trace-Id")`, but for applications hosted in GOV.UK PaaS you should use `("X-B3-TraceId", "X-B3-SpanId")`. If you are running your application in both places side by side during migration, the following should work in your Django settings:
+```python
+# Example usage
+from django_log_formatter_asim.events import log_file_activity
 
-`DLFA_INCLUDE_RAW_LOG` - By default the original unformatted log is not included in the ASIM formatted log. You can enable that by setting this to `True` and it will be included in `AddidtionalFields.RawLog`.
+log_file_activity(
+    request,
+    event=log_file_activity.Event.FileCopied,
+    result=log_file_activity.Result.Success,
+    file={
+        "path": "/tmp/copied.txt",
+        "content_type": "text/plain",
+        "extension": "txt",
+        "name": "copied.txt",
+        "sha256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+        "size": 14,
+    },
+    # source_file is only necessary if the event is one of FileRenamed, FileMoved, FileCopied, FolderMoved
+    source_file={
+        "path": "/tmp/original.txt",
+        "content_type": "text/plain",
+        "extension": "txt",
+        "name": "original.txt",
+        "sha256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+        "size": 14,
+    },
+)
 
-```python
-from dbt_copilot_python.utility import is_copilot
+# Example JSON printed to standard output
+{
+    # Values provided as arguments
+    "EventType": "FileCopied",
+    "EventResult": "Success",
 
-if is_copilot():
-   DLFA_TRACE_HEADERS = ("X-B3-TraceId", "X-B3-SpanId")
-```
+    "TargetFilePath": "/tmp/copied.txt",
+    "TargetFileName": "copied.txt",
+    "TargetFileExtension": "txt",
+    "TargetFileMimeType": "text/plain",
+    "TargetFileSHA256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+    "TargetFileSize": 14,
 
-### Formatter classes
+    "SrcFilePath": "/tmp/original.txt",
+    "SrcFileName": "original.txt",
+    "SrcFileExtension": "txt",
+    "SrcFileMimeType": "text/plain",
+    "SrcFileSHA256": "6798b7a132f37a0474002dec538ec52bdcd5f7b76e49e52c8a3d2016ca8d1d18",
+    "SrcFileSize": 14,
 
-``` python
-    ASIM_FORMATTERS = {
-        "root": ASIMSystemFormatter,
-        "django.request": ASIMRequestFormatter,
-    }
-```
+    # Calculated / Hard coded fields
+    "EventStartTime": "2025-07-30T11:05:09.406460+00:00",
+    "EventSchema": "FileEvent",
+    "EventSchemaVersion": "0.2.1",
+    "EventSeverity": "Informational",
 
-The default class for other loggers is:
+    # Taken from Django HttpRequest object
+    "HttpHost": "WebServer.local",
+    "SrcIpAddr": "192.168.1.101",
+    "TargetUrl": "https://WebServer.local/steel",
+    "TargetUsername": "Adrian"
 
-``` python
-    ASIMSystemFormatter
+    # Taken from DBT Platform environment variables
+    "TargetAppName": "export-analytics-frontend",
+}
 ```
 
-### Creating a custom `logging.Formatter`
+#### Account Management event
 
-If you wish to create your own ASIM formatter, you can inherit from ASIMSystemFormatter and call _get_event_base to get the base level logging data for use in augmentation:
+Following the [ASIM User Management Schema](https://learn.microsoft.com/en-us/azure/sentinel/normalization-schema-user-management).
 
-``` python
-    class ASIMSystemFormatter(ASIMFormatterBase):
-        def get_event(self):
-            logger_event = self._get_event_base()
 
-            # Customise logger event
+```python
+# Example usage
+from django_log_formatter_asim.events import log_account_management
+
+log_account_management(
+    request,
+    event=log_account_management.Event.UserCreated,
+    result=log_account_management.Result.Success,
+    account={
+        "username": "Roger",
+    },
+)
+
+# Example JSON printed to standard output
+{
+    # Values provided as arguments
+    "EventType": "UserCreated",
+    "EventResult": "Success",
+    "TargetUsername": "Roger",
 
-            return logger_event
+    # Calculated / Hard coded fields
+    "EventStartTime": "2025-07-30T11:05:09.406460+00:00",
+    "EventSchema": "UserManagement",
+    "EventSchemaVersion": "0.1.1",
+    "EventSeverity": "Informational",
+
+    # Taken from Django HttpRequest object
+    "HttpHost": "WebServer.local",
+    "SrcIpAddr": "192.168.1.101",
+    "TargetUrl": "https://WebServer.local/admin/create-user",
+    "ActorUsername": "Adrian"
+
+    # Taken from DBT Platform environment variables
+    "TargetAppName": "export-analytics-frontend",
+}
 ```
 
 ## Dependencies
@@ -182,6 +343,8 @@ Or, run `poetry run tox` in the root directory to run all tests for multiple Pyt
 
 ### Publishing
 
+Create a pull request to update the [CHANGELOG.md](./CHANGELOG.md) and also create a [create a release in GitHub](https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository#creating-a-release) for your new version.
+
 1. Acquire API token from [Passman](https://passman.ci.uktrade.digital/secret/cc82a3f7-ddfa-4312-ab56-1ff8528dadc8/).
    - Request access from the SRE team.
    - _Note: You will need access to the `platform` group in Passman._

django_log_formatter_asim-1.3.0/django_log_formatter_asim/events/__init__.py

@@ -0,0 +1,7 @@
+from .account_management import LogAccountManagement
+from .authentication import LogAuthentication
+from .file_activity import LogFileActivity
+
+log_account_management = LogAccountManagement()
+log_authentication = LogAuthentication()
+log_file_activity = LogFileActivity()

django_log_formatter_asim-1.3.0/django_log_formatter_asim/events/account_management.py

@@ -0,0 +1,133 @@
+import datetime
+import json
+from enum import Enum
+from typing import Optional
+from typing import TypedDict
+
+from django.http import HttpRequest
+
+from .common import Activity
+from .common import Client
+from .common import LoggedInUser
+from .common import Result
+from .common import Server
+from .common import Severity
+
+
+class FileActivityEvent(str, Enum):
+    UserCreated = "UserCreated"
+    UserDeleted = "UserDeleted"
+    UserModified = "UserModified"
+    UserLocked = "UserLocked"
+    UserUnlocked = "UserUnlocked"
+    UserDisabled = "UserDisabled"
+    UserEnabled = "UserEnabled"
+    PasswordChanged = "PasswordChanged"
+    PasswordReset = "PasswordReset"
+    GroupCreated = "GroupCreated"
+    GroupDeleted = "GroupDeleted"
+    GroupModified = "GroupModified"
+    UserAddedToGroup = "UserAddedToGroup"
+    UserRemovedFromGroup = "UserRemovedFromGroup"
+    GroupEnumerated = "GroupEnumerated"
+    UserRead = "UserRead"
+    GroupRead = "GroupRead"
+
+
+class Account(TypedDict, total=False):
+    """Dictionary to represent details of the account management event."""
+
+    """
+    If a user was managed, the username of that user
+    """
+    username: Optional[str]
+    """If a group was managed, the name of the group."""
+    group: Optional[str]
+    """
+    If the Account Management event is one of the following.
+
+    - UserModified
+    - GroupModified
+
+    Details of the property which was changed, in the form:
+        ("propertyName", "oldValue", "newValue")
+    """
+    changed: tuple[str, str, str]
+
+
+class LogAccountManagement(Activity):
+    Event = FileActivityEvent
+    Result = Result
+    Severity = Severity
+
+    def __call__(
+        self,
+        request: HttpRequest,
+        event: Event,
+        account: Account,
+        result: Result,
+        user: Optional[LoggedInUser] = None,
+        server: Optional[Server] = None,
+        client: Optional[Client] = None,
+        severity: Optional[Severity] = None,
+        time_generated: Optional[datetime.datetime] = None,
+        result_details: Optional[str] = None,
+        message: Optional[str] = None,
+    ):
+        self._log_account_management(
+            request,
+            event,
+            account,
+            result,
+            {} if user == None else user,
+            {} if server == None else server,
+            {} if client == None else client,
+            time_generated or datetime.datetime.now(tz=datetime.timezone.utc),
+            severity,
+            result_details,
+            message,
+        )
+
+    def _log_account_management(
+        self,
+        request: HttpRequest,
+        event: Event,
+        account: Account,
+        result: Result,
+        user: LoggedInUser,
+        server: Server,
+        client: Client,
+        event_created: datetime.datetime,
+        severity: Optional[Severity] = None,
+        result_details: Optional[str] = None,
+        message: Optional[str] = None,
+    ):
+        log = {
+            "EventSchema": "UserManagement",
+            "EventSchemaVersion": "0.1.1",
+            "EventType": event,
+        }
+        log.update(
+            self._activity_fields(
+                request, event_created, result, server, client, severity, result_details, message
+            )
+        )
+
+        if "username" in user:
+            log["ActorUsername"] = user["username"]
+        elif hasattr(request, "user") and request.user.username:
+            log["ActorUsername"] = request.user.username
+
+        if "username" in account:
+            log["TargetUsername"] = account["username"]
+
+        if "group" in account:
+            log["GroupName"] = account["group"]
+
+        if "changed" in account:
+            (propertyName, previousPropertyValue, newPropertyName) = account["changed"]
+            log["UpdatedPropertyName"] = propertyName
+            log["PreviousPropertyValue"] = previousPropertyValue
+            log["NewPropertyValue"] = newPropertyName
+
+        print(json.dumps(log), flush=True)