The Web Console and the Admin Console audit records are written to the product's UI component their log files.
The audit records include the following information:
| Value | Description |
|---|---|
| Time stamp | The time stamp that an action was done. For example: 05/02/2017 18:18:30,839 |
| Action execution time (ms) | The action execution time in milliseconds. |
| User IP Address | The IP address of the user that performed the action (for customers over NAT the actual IP may be the NAT service) |
| User ID | The DPOD logged in user ID that performed the action |
| Action | The action description. For example: addUser(userName=User1) |
Enabling Audit Log
To enable audit logging, edit the UI service log4j configuration file: /app/ui/MonTier-UI/lib/log4j2.xml
Add a new appender under <Appenders> element with the following content:Audit logs are enabled on DPOD by default.
To disable or enables this logs follow the steps above and restart UI and Admin consoles using Command Line Interfacer (CLI).
| Note |
|---|
In order to export the audit records to an external system, use file transfer mechanism (scp) to copy the logs off the product's server. |
Enable Audit Logs
| Code Block | ||||
|---|---|---|---|---|
| ||||
<RollingFile name="AUDIT" fileName="${tomee-log-path}/audit.log" filePattern="${tomee-log-path}/audit.%i.log" append="true" bufferedIO="false" bufferSize="0">
<PatternLayout>
<Pattern>%d{dd/MM/yyyy HH:mm:ss,SSS}- %p %c{1.} [%t] %m %ex%n</Pattern>
</PatternLayout>
<Policies>
<SizeBasedTriggeringPolicy size="5 MB" />
</Policies>
<DefaultRolloverStrategy max="10"/>
</RollingFile> |
Add a new logger under <Loggers> element with the following content:
| Code Block | ||||
|---|---|---|---|---|
| ||||
<Logger name="org.montier.ui.web.filters.AuditFilter" level="debug" additivity="false">
<AppenderRef ref="AUDIT"/>
</Logger> |
Make sure to restart the UI service after altering the log4j configuration file.
The output log file will be created in the UI service log directory (/logs/ui) with the name audit.log
| Note |
|---|
In order to export the audit records to an external system, use file transfer mechanism (scp) to copy the logs off the product's server.sed -i 's/^export OD_AUDIT_LOG_LEVEL=.*/export OD_AUDIT_LOG_LEVEL="info"/g' /etc/init.d/MonTier-UI
sed -i 's/^export OD_AUDIT_LOG_LEVEL=.*/export OD_AUDIT_LOG_LEVEL="info"/g' /etc/init.d/MonTier-AppAdmin |
Disable Audit Logs
| Code Block | ||||
|---|---|---|---|---|
| ||||
sed -i 's/^export OD_AUDIT_LOG_LEVEL=.*/export OD_AUDIT_LOG_LEVEL="error"/g' /etc/init.d/MonTier-UI
sed -i 's/^export OD_AUDIT_LOG_LEVEL=.*/export OD_AUDIT_LOG_LEVEL="error"/g' /etc/init.d/MonTier-AppAdmin |
Audit Records Example
| Code Block | ||||
|---|---|---|---|---|
| ||||
05/06/2018 18:18:30,839- DEBUG o.m.u.w.f.AuditFilter [ajp-bio-8070-exec-1] 51 192.168.65.190 admin getSystemParameters() 05/06/2018 18:18:34,183- DEBUG o.m.u.w.f.AuditFilter [ajp-bio-8070-exec-1] 8 192.168.65.190 admin getUsers() 05/06/2018 18:18:46,277- DEBUG o.m.u.w.f.AuditFilter [ajp-bio-8070-exec-1] 40 192.168.65.190 admin addUser(userName=User1) 05/06/2018 18:18:46,304- DEBUG o.m.u.w.f.AuditFilter [ajp-bio-8070-exec-1] 8 192.168.65.190 admin getUsers() |
...