Format

Audit messages are in format according to Syslog specification (RFC5424), so these attributes are logged:

• Facilty - ("16" - that means local use 0)

• Severity - ("6" - normal information) - there aren't now another cases. (See RFC for more info)

• Version - "1"

• Time - local time in ISO8601 format (it must respect RFC5424 specification, e.g. 2016-10-02T17:14:41.662+02:00)

• Host - "localhost" or machine domain name or machine IP

• App name - "MANAGEMENT_SERVICE"

• Process ID - "-"

• Message type ID - unique ID of the type of message (e.g. "USER_SAVE", "DEVICE_CREATE" ), the full list of available IDs can be obtained via API. For details how to access the API and usage see https://<management_url>/swagger-ui.html#/Audit

• Structured message parameters as pair of name=value according to specification, e.g. "[web@18060 iut="3" eventSource="Application" eventID="1011"]"

  • Structured message parameters ID - "web@18060" for message strucutred parameters comming from web interface

  • These parameters are logged (its value of the parameter may be null or blank if isn't possible to detect):

    • auditPoint - point from message comes from, could have values:

      • METHOD_INPUT - for message with action input parameters

      • METHOD_OUTPUT - for message with action output parameters

      • METHOD_EXCEPTION - for message with action exceptional (technical error) parameters

    • crudType - type of the CRUD operation

      • CREATE - create resource

      • READ - read resource

      • UPDATE - update resource

      • DELETE - delete resource

      • CREATE_OR_UPDATE - create or update resource (when it couldn't be resolved if action creates or updates one)

      • UNKNOWN - action where couldn't be CRUD operation set

    • requestId - id of the request to track all action depending on the same request

    • requestIp - IP of the client machine

    • requestPath - path of the resource

    • sessionId - id of the user session

    • tenantDomain - domain of the tenant

    • tenantIdentification - unique identification of the tenant

    • userId - unique user identification

    • userName - name of the user

• Message with it's parameters

  • Human readable message description

  • After message description there are message parameters in format similar to structured parameters, i.e. name=value such as "[param1="3" eventSource="Application" eventID="1011"]".

Technical parts of message (facility, severity, version, app name, process id) can be customized in the following section.

Configuration

Audit log message system can be configured as standard log4j2 logger according to documentation (for configuring syslog see this Syslog appender documentation). For information of the configuration file location see YSoft SafeQ Management Service Logs.

In configuration it's possible to change audit log format, setting up syslog server or disable audit log completely.

In Management Service log4j2.xml there's commented example of configuration: