Difference between revisions of "Fusion Edge Server Audit"
(→Audit File) |
|||
| Line 12: | Line 12: | ||
The "launch time" value represents the time when the Edhe Server was started. However, this value is expressed as a lengthy numerical figure, indicating the time in milliseconds since 1970. | The "launch time" value represents the time when the Edhe Server was started. However, this value is expressed as a lengthy numerical figure, indicating the time in milliseconds since 1970. | ||
| − | Audit information will be written to this file until either the Edge Server is terminated or the file reaches the file limit of 10Mb in size. If the file limit is reached, a new file is created with the next incremental Log Index value. | + | Audit information will be written to this file until either the Edge Server is terminated or the file reaches the file limit of 10Mb in size. If the file limit is reached, a new file is created with the next incremental Log Index value. Audit files that are actively being written to may be "locked" by your Operating System until either the Edge Server is terminated or a new audit file is started. |
Each Audit file contains JSON, but this is not formatted for ease of reaability. Until the file is "completed", either by termination of the Edge Server, or by a new log file being started, a final closing brace character "]" is required to make the file contents become valid JSON. So you may find that if you wish to look at the currently being written Audit file you have to: | Each Audit file contains JSON, but this is not formatted for ease of reaability. Until the file is "completed", either by termination of the Edge Server, or by a new log file being started, a final closing brace character "]" is required to make the file contents become valid JSON. So you may find that if you wish to look at the currently being written Audit file you have to: | ||
Revision as of 10:10, 17 January 2024
This page explains details the Audit capabilities of Fusion Edge Server.
Contents
Audit File
All Audit information from Fusion Edge Server is written to Audit files which are located in the "Audit" sub-folder of your Edge Server Directory. Audit files are named according to the format:
EdgeServerAudit_<launch time>_<log index>.json
For example:
EdgeServerAudit_1704067199000_1.json
The "launch time" value represents the time when the Edhe Server was started. However, this value is expressed as a lengthy numerical figure, indicating the time in milliseconds since 1970.
Audit information will be written to this file until either the Edge Server is terminated or the file reaches the file limit of 10Mb in size. If the file limit is reached, a new file is created with the next incremental Log Index value. Audit files that are actively being written to may be "locked" by your Operating System until either the Edge Server is terminated or a new audit file is started.
Each Audit file contains JSON, but this is not formatted for ease of reaability. Until the file is "completed", either by termination of the Edge Server, or by a new log file being started, a final closing brace character "]" is required to make the file contents become valid JSON. So you may find that if you wish to look at the currently being written Audit file you have to:
- Create a copy of the Audit file
- Open this copy in the editor of your choice (for example Notepad++)
- Add a final "]" character to the end of the file
- Format the JSON for readability/
Disabling Audit
Auditing can be disabled by modifying the Edge Server properties file and adding the entry:
audit.disabled=true
See the properties page for more information.
Contents of the Audit File
It is necessary to have a basic understanding of the JSON format to understand how to parse the Audit file. The file contains a JSON array of items. Each item in the array is a JSON Object. Each JSON Object is identified by "curly braces" { and }. Some JSON objects contain other JSON objects (e.g. "properties" in the example below). Each item in the highest level JSON array, represents a unique audit event in the Edge Server. The following shows an example of one such event:
{
"uid": "e3de1d84-2413-4b7a-ae1d-754ad38d3a9f",
"process_id": "REST_API",
"thread": "http-nio-8084-exec-8",
"event_type": "GET",
"username": "guest",
"process_start": 1699023147303,
"process_end": 1699023147342,
"duration": 39,
"status": 200,
"vmid": "a58a00a880f5f938:4d097009:18b95a67fb4:-8000",
"machine_id": "DESKTOP-DSTGA0Q/192.168.1.14",
"software_version": "4.7.2.0.0.0",
"properties": {
"QueryParameters": {
"c[FREQ]": "A",
"c[REF_AREA]": "BE"
},
"HttpHeaders": {
"host": "localhost:8084",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"accept-language": "en-GB,en;q=0.5",
"connection": "keep-alive"
},
"IP": "127.0.0.1",
"Path": "/sdmx/v2",
"PathInfo": "/data/dataflow/BIS/BIS_CBPOL/1.0",
"Locale": "en_GB",
"HttpStatus": 200
}
}
The above JSON can be described in the following manner, where the items in brackets indicate the field that is being referred to.
A GET event ("event_type") was performed on on Friday, 3 November 2023 14:52:27.303 GMT ("process_start" of 1699023147303 ) by user "guest" ("username"). This process completed succesfully ("HttpStatus" of 200) and was a request against the Dataflow BIS:BIS_CBPOL(1.0) ("PathInfo"). The query was further constrained by the Frequency of "A" and Reference Area of "BE" ("QueryParameters")
There is more information contained in this one JSON object, but that allows us to get a quick overview of what the request was for.
Child events
Some audit events have a parent UID (element: "parent"). This shows that this audit event was created from the UID referenced in the "parent" value.
Elements
The following describes each of the elements that can be found in a JSON Object:
| uid | The Unique Identifier (UID) of the event |
| process_id | The type of process requested. Such values are "APPLICATION_START" (the edge server start event), "SDMX_GET" (??), "REST_API" (a query for structures or data) |
| thread | The internal thread namethat this ran on within the Edge Server |
| event_type | The HTTP Event Type that was performed |
| username | The identity of the user that performed this request |
| process_start | The start time (in milliseconds since 1970) that this request was performed |
| process_end | The end time (in milliseconds since 1970) that this request was performed |
| duration | The total time (in milliseconds) to complete the request |
| status | The returned HTTP status |
| vmid | The VMID of the system running the request |
| machine_id | The identity of the machine that was running the Edge Server that performed this request |
| software_version | The version of the software of Fusion Edge Server |
| properties | A JSON Object containing parameters submitted in the request |
| QueryParameters | A JSON Object containing keys and values that were in the request (e.g. Key: "FREQ" and value "A") |
| HttpHeaders | A JSON Object containing elements that were present in the header request |
| IP | The IP of the originating request |
| Path | Part of the request's URL and can be used to identify various Web Services. E.g. it could be: "/sdmx/v2" showing a version 2 SDMX request, or "/ws/public/sdmxapi/rest" showing a request to the version 1 API |
| PathInfo | The extra information added to the "path". This identifies individual structures or datasets being requested. |
| Locale | The locale used in the request |
| HttpStatus | The HTTP Status of the request |
