Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-2047

Provide Audit Trail

    XMLWordPrintable

Details

    Description

      Current Situation

      • The JS7 - Audit Log stores information about changes to the state of objects to the audit.log file. In addition, details are provided from a separate audit-objects.log file.
      • No detailed information is available about the precise request and particularly not about requests that will not change objects.

      Desired Behavior

      • The JS7 - Audit Trail stores detailed information about any REST API requests and responses to the audit-trail.log file.
      • The log file can become huge as it includes any REST API requests (GET, POST) and related responses. The purpose of the Audit Trail is preferably about compliance-aware logging. The Audit Trail allows to identify any actions performed by users and can be used to identify offending activities in case of compliance breaches.
      • When activating the Audit Trail, users should be aware of legal implications. Depending on applicable law, the Audit Trail might not be used or might be used under limitations to pursue offending behavior of users. The Audit Trail allows tracking of user activities. While this is relevant information in case of security breaches, use of the log file might be denied or limited by applicable law.

      Configuration

      • The format of the log file is line-based JSON, this means valid JSON per line, not valid JSON for the file.
        • Each line holds the following properties:
          • Timestamp: timestamp of logging
          • Thread ID: allows to correlate requests and responses
          • Account: offers to track requests per user account
          • Client IP address: information is not spoofing-resistent
          • MD5 hashed Access Token: allows to track requests and responses from the same user session
          • follows the original Request or Response
        • To make the audit-trail.log file valid JSON, users have to add a header line holding the [ array indicator, a footer line holding: ""] and have to add a comma to the end of each line of log output. Making the audit-trail.log a valid JSON file will allow to use popular tools such as jq for log analysis.
      • The audit-trail.log file can be activated from the log4j2.xml configuration file like this: 
        • <Logger name="JOCAuditTrailLog" additivity="false" level="INFO">
    <AppenderRef ref="AuditTrailLogAppender"/>
</Logger>
        • To activate logging modify the log level property from OFF to INFO or DEBUG.

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Wiki Page

          Wiki Page Loading...

          Activity

            People

              oh Oliver Haufe
              ap Andreas Püschel
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: