Audit Options - NEW! 🚀
The Audit tab in Data One tracks specific events, including when they occurred, the user who performed the action, and the entity affected. Audit logs are important for ensuring user accountability and maintaining system security.
Audit Tab Overview
The Audit tab allows administrators to monitor various types of activities, including:
- Platform configuration changes.
- Actions related to Actors, Users, Contracts, Client Connections, File Event Listeners, etc.
- Internal user authentication activities.
Tracked Actions
Some examples of the actions that are tracked and logged include:
- Creation, deletion, and modification of entities
- Login and logout activities
- Password changes
- Audit configuration changes
For instance, when a user creates a contract, the audit log will record a detailed entry showing the essential parameters, such as the user’s name and the contract ID, ensuring that every action on the platform is thoroughly tracked.
Managing Audit Configuration
Administrators can manage the audit configuration by following these steps:
- Go to Monitoring → Logs → Audit tab.
- Click on the Manage button to open the Manage window, allowing you to:
- Log configurations changes: enable or disable auditing.
- Set Retention period (in months) * : define how many months audit data should remain on the platform.
- Archive audit logs: enable this option to save the audit logs to a file with a unique name in the CEMAN shared folder after the expiration period. If, for some reasons, the logs cannot be saved, an error will be logged on the message.log of the CEMAN and the logs are not deleted from the database.
Permissions
Access to audit logs is controlled by specific permissions, listed in the Permissions tab - see the Creating Internal Users page.
- AUDITLOGSVIEW: it grants the user the ability to view audit logs. Users with this permission can access the audit tab and table.
- AUDITLOGSMANAGE: it grants the user the ability to modify audit configurations.
Audit Log Columns
Default Columns
The following columns are always available and cannot be removed from the Audit table:
- Timestamp: the exact time the event occurred.
- Message Code: a code assigned to the message shown in the Message column. It is useful when searching for specific messages. Refer to the Audit Message Codes page for the complete list of codes.
- Message: the description of the audit event. Details are available on the Audit Message Codes page.
- Data One User: the name of the user who performed the action.
- Audited Operation: the type of operation that occurred (e.g., create, modify, delete, password change, login, logout, audit enablement/disablement).
- Entity: the name of the element instance that is generally defined by the user (e.g. CONTRACT FILE PUSH).
- For LOGIN and LOGOUT actions, the entity is the name of the Ceman cluster.
- For PASSWORD CHANGE actions, the entity is the username of the user whose password was changed.
- Entities modified via APIs will also appear in audit entries.
Columns can be sorted in ascending or descending order.
Optional Columns
Administrators can enable additional columns by selecting them by clicking the icon on the toolbar:
- Module: the module involved in the operation.
- LCID (Log Correlation ID): the unique identifier for a session that may span multiple instances.
- Cluster: the cluster involved.
- Node: the node involved.
- Entity Type: the type of entity affected (refer to the List of Entity Types page for a complete list).
- For LOGIN and LOGOUT actions, the entity type is Ceman.
- For PASSWORD CHANGE actions, the entity type is Internal User or External User.
- Entity ID: the ID assigned to the instance of the element created by a user (e.g. 102) in Data One.
- For LOGIN and LOGOUT actions, the entity ID is the name of the Ceman Node.
- For PASSWORD CHANGE actions, the entity ID is the user ID.
Columns can be sorted in ascending or descending order.
Filters Panel
The Filters panel on the right side of the screen allows you to filter audit logs based on specific criteria and quickly find specific events. Available filters include:
- Time Slot: filter by the time the event occurred (options: None, last hour, last 4/8/12 hours, or a CUSTOM slot).
- Message Code: filter by the message code number.
- Message: filter by keywords in the audit message.
- Data One User: filter by the user who performed the action.
- Audited Operation: filter by the type of operation (e.g., create, modify, delete).
- Entity: filter by the entity type (e.g., contract, user).
- Advanced: filter by additional fields associated with non-default columns, such as Module, LCID, Cluster, Node, Entity Type, and Entity ID.
Export
Audit logs can be exported to external files for further analysis.
Users can export audit logs via the Command Line Interface (CLI) that is documented in the Export audit logs page.
Updated 2 months ago