Audit Logs
Description
A software suite that has good detailed audit logs can assist a company monitor data and keep track of potential security breaches or internal misuses of information.
The Audit Logs allows you to view the actions that was carried out in Ambience. It has filters that allow you to select the desired start and end dates and filter the desired data to view. The log displays a limit of 500 records. You can also download the log in CSV or JSON format.
Module Interface
Interface | Description | Required Privilege |
---|---|---|
Audit Logs | Allows access to Audit Logs page. | mod-audit-log-viewer |
Log Parameters
There are two panels in the Audit Logs. The left panel allows you to select the desired start and end dates, and filter for the log. The right panel allows you to select the desired column fields to be displayed and it consists of two pages; namely “Audit” and “When”.
Left Panel
The left panel allows you to select the start and end dates, as well as setting up the filters.
To select the start date, select the checkbox on the left of the “Start” field. By default, the current date is used. To choose another date, click in the “Calendar” icon and choose the desired date. Do the same for the end date.
There are three components to form a criteria filter; namely the column field, operator and expression/value. The column field selects the column to filter. The expression defines the information to filter. The operator selects how the filter behaves along with the column field and expression.
When no column field and expression is defined, the entire log is displayed when the “View” button is clicked.
To create a criteria filter, select the desired column field from the drop-down list. Select the appropriate operator in the centre textbox. In the third textbox, key in the desired expression or value. To clear or delete a filter, click on the icon. To add more filters, click on the “+” icon.
When using Contains
or Starts with
for string comparison, regular expressions are used. The [ and ] characters are reserved to indicate a range of characters. For example,
[Ll]ayout
will find “Layout” and “layout”.
Since the [ character is reserved, using it by itself will result in an error message. There are other quantifiers that can be used along with the regular expressions, such as ().*?^.
To use the reserved characters, place a \ character in front of them. In the below example, to find messages that contains with the . character, a \ is placed in front it.
Right Panel
The right panel allows you to select the column fields to be displayed in the viewer. It consists of two pages:
- Audit - allows you to select the modules, user, etc.
- When - defines when the action occurs
By default, the “Audit” page is displayed with default fields. You can change the setting by selecting or unselecting the fields in the panel.
To go to the “When” page, click on “Audit” and select “When”. The fields available for “When” will appear. Select or unselect the fields according.
Note the “When” option “run” is the unique value for which server session. If you are only interested in things that happened this time you ran the server, then look at the system information:
The Run ID is the number of times you have started Ambience. You can filter by run = 461 to only see events from the current server session. If you stop and restart, Run ID will be 462.
Viewer Usage
To generate the audit log, select the desired date range and set up the filters in the left panel. In the right panel, select the desired column fields in the “Audit” and “When” panels.
Click on the “View” button and the audit log will appear in the panel below.
By default the log is in descending order. You can re-sort the log in ascending order by clicking on the “Descending” field and select “Ascending” from the drop-down list.
If the generated log does not have the column fields you desire, you can add the columns by selecting the column field checkboxes in the right panel and vice versa.
You can add filters by clicking on the desired cell field, for example, identity
in the “component” column. The filter will automatically fills up. By default, the “Equal” operator is selected. If it is not the desired operator, click on the “Equals” operator and select the desired operator from the drop-down list.
Click on the “View” button to re-generate the log. Now the records with “main” are removed.
The log can be downloaded by clicking on the “Download” button that appear in the page and select a format option from the drop-down list.
The log can be downloaded either in CSV or JSON format.