The audit log provides Administrators with a high level overview of actions that have taken place, when they occurred, and which user initiated the action. The log is output in JSON format which allows for post-processing and further analysis. For example, it can be read by the JSON Data node.
The following actions are audited:
- All login attempts, both successful and unsuccessful.
- Run and save a data flow.
- Node execution.
- Create, update and delete schedules.
- Execute a scheduled run.
- Change schedule system settings.
- LDAP/AD import.
- Change of LDAP/AD system settings.
- Create, update, and delete a user.
- Create workspaces.
- Add or remove a user role.
- Change password.
- Create, update, and delete group.
- Create, update and delete folders.
- Logout and UI session timeout.
- Start and completion of backup.
The audit log is located at: <Data360Analyze site configuration directory>/logs/lae-audit.log
For example, C:/Users/<username>/Data360Analyze/site-7731/logs
Every day that the application is used, a new audit log file is created. Log files for previous days are saved in the same folder with the creation date as a suffix, for example lae-audit.log.2018-10-31
.
The first section in this topic gives an overview of the elements that make up the audit log, see Understanding the audit log.
The final section gives details of how to map specific actions to log entries, see Identifying and tracing actions.
Understanding the audit log
In general, log entries are made up of the following pieces of information:
Log entry information | Description | Example |
---|---|---|
|
Indicates the time and date of the audited action. Each new timestamp indicates a new audit log entry. |
"timestamp":"2018-08-03T12:53:00.163+01:00"
|
|
The name of the action. |
"auditCode":"executionSessionService.execute"
|
userID
|
The |
"userId":"b9469ceb-65bd-472c-b8fa-d71a63be6929"
|
username
|
The |
"username":"user1234"
|
tenantName
|
The name of the deployment — with the currently supported model, this will always be set to defaultTenant . |
"tenantName":"defaultTenant"
|
success
|
A true or false statement that indicates if the action completed successfully or not. |
"success":true
|
arguments
|
The arguments passed in the API request. |
|
response
|
The API response to the action. Contains defined error fields. |
|
Identifying and tracing actions
By understanding the information tags within an audit log, you can follow the trail of actions undertaken by a specific user, or trace the changes to a given data flow.
For example, a new data flow is created with the following ID: 6ca06e21-73d0-4816-b44d-238903d3768f
{"timestamp":"2018-11-05T10:20:29.411Z","auditCode":"executionSessionService.create","userId":"b9469ceb-65bd-472c-b8fa-d71a63be6929","username":"User1234","tenantName":"defaultTenant","success":true,"arguments":{"executionSession":{"id":"49486f20-96ca-4a70-8f32-f738b15e59fc","graphLocator":"object:!tenant:defaultTenant~workspace:908ee33e-5eee-1694-4284-63aea9310e8c~edit-session:c833d293-c2e8-4dea-b129-60630f38558a~graph:6ca06e21-73d0-4816-b44d-238903d3768f","lxsId":null,"runtimeProperties":{},"valid":false,"runBy":"User1234","runDate":null,"runState":null,"lastExecutionCandidates":[],"allExecutionCandidates":[],"executionLogId":null,"interfaces":["ExecutionSession"]},"workspaceLocator":"object:!tenant:defaultTenant~workspace:908ee33e-5eee-1694-4284-63aea9310e8c"},"response":"object:!tenant:defaultTenant~workspace:908ee33e-5eee-1694-4284-63aea9310e8c~execution-session:49486f20-96ca-4a70-8f32-f738b15e59fc"}
Later, a new schedule is created based on this data flow:
{"timestamp":"2018-11-05T14:09:14.478Z","auditCode":"simpleScheduledTaskService.create","userId":"admin","username":"admin","tenantName":"defaultTenant","success":true,"arguments":{"containerLocator":"object:!tenant:defaultTenant~directory:__Root__~directory:__Users__~directory:c5eb280e-773f-d5bc-679a-455d6d702462","simpleScheduledTaskDto":{"id":"6e140249-5b0d-4428-9913-c19672336633","name":"schedule test","description":null,"enabled":true,"triggerProperties":{"cronExpression":"0 09 14 1 1/1 ? *","startDateTime":"2018-11-05T14:09:06Z","interval":"monthly","monthlyScheduleOption":"day-of-week"},"runAs":null,"dataflowId":"6ca06e21-73d0-4816-b44d-238903d3768f","runProperties":{},"searchPath":["object:!tenant:defaultTenant~directory:__Root__~directory:__Users__~directory:c5eb280e-773f-d5bc-679a-455d6d702462"]}},"response":"object:!tenant:defaultTenant~directory:__Root__~directory:__Users__~directory:c5eb280e-773f-d5bc-679a-455d6d702462~scheduled-task:6e140249-5b0d-4428-9913-c19672336633"}
Some examples of common audit log entries are listed in the tables below, along with a description of how the log entry relates to a user action in Data360 Analyze:
Login
Log entry | Description |
---|---|
|
Indicates that a user has successfully signed in to Data360 Analyze. When a user signs in to the application, you will also see the following log entry:
|
Create or update user or group
In the following examples, all actions except groupService.create
and groupService.updateGroup
are logged as a result of a single create user request. You can identify a user by their ID, for example, 21fad3f0-f8a2-4d66-846e-240dca92b16f
, which you can trace through the various actions.
Log entry | User action and example | |||||
---|---|---|---|---|---|---|
|
|
|||||
|
|
|||||
|
|
|||||
|
|
|||||
|
|
Create, update and delete a folder
Log entry | User action and example | |||||
---|---|---|---|---|---|---|
|
|
Create, save, run or delete a data flow
When a data flow is created, an edit session is opened to track data flow and node edits, and an execution session is opened to track the state of the data flow.
Log entry | User action and example |
---|---|
|
|
|
|
Node execution
Log entry | User action and example |
---|---|
and
|
When a node is executed, two entries are added to the log:
The reference to the node that is being executed is logged in the following format:
|
Create, update or run a schedule
Log entry | User action and example |
---|---|
and
|
When a user creates a schedule, several entries are added to the audit log including
When a schedule is updated, two entries are added to the audit log: The
The
When a user deletes a schedule, the following audit entries are logged:
|
|
Tip: Unlike when a user triggers a data flow to run immediately, when the system runs a schedule,
scheduledTaskId and scheduledTaskName attributes are logged in place of userid and username .
|
|
|
|
|
Run clean up settings
Log entry | User action and example |
---|---|
and
|
The following entries are logged when a new schedule setting is set, for example if a user chooses to delete temporary data after a successful run or specifies a number of recent scheduled runs to keep:
When a schedule setting is changed, for example if a user modifies the period of time for which they want to keep scheduled runs, the following entries are logged:
|
LDAP/AD integration
Log entry | User action and example |
---|---|
|
As a result of a user configuring LDAP/AD authentication settings, you will also see
|
|
|
|
Note that has a result of configuring or editing LDAP/AD user import settings, you will also see a
|