Difference between revisions of "Fusion Edge Server Audit"

From Fusion Registry Wiki
Jump to navigation Jump to search
(Elements)
(Elements)
Line 81: Line 81:
 
| '''event_type''' || The HTTP Event Type that was performed
 
| '''event_type''' || The HTTP Event Type that was performed
 
|-
 
|-
| '''username''' || The name of the user that performed this request
+
| '''username''' || The identity of the user that performed this request
 
|-
 
|-
| '''process_start''' ||: 1699023147303,
+
| '''process_start''' || The start time (in milliseconds since 1970) that this request was performed
 
|-
 
|-
| '''process_end''' ||: 1699023147342,
+
| '''process_end''' || The end time (in milliseconds since 1970) that this request was performed
 
|-
 
|-
| '''duration''' ||: 39,
+
| '''duration''' || The total time (in milliseconds) to complete the request
 
|-
 
|-
| '''status''' ||: 200,
+
| '''status''' || The returned HTTP status
 
|-
 
|-
| '''vmid''' ||:''' ||a58a00a880f5f938:4d097009:18b95a67fb4:-8000''' ||,
+
| '''vmid''' || The VMID of the system running the request
 
|-
 
|-
| '''machine_id''' ||:''' ||DESKTOP-DSTGA0Q/192.168.1.14''' ||,
+
| '''machine_id''' || The identity of the machine that was running the Edge Server that performed this request
 
|-
 
|-
| '''software_version''' ||:''' ||4.7.2.0.0.0''' ||,
+
| '''software_version''' || The version of the software of Fusion Edge Server
 
|-
 
|-
| '''properties''' ||: {
+
| '''properties''' || A JSON Object containing parameters submitted in the request
 
|-
 
|-
| '''QueryParameters''' ||: {
+
| '''QueryParameters''' || A JSON Object containing keys and values that were in the request (e.g. Key: "FREQ" and value "A")
 
|-
 
|-
| '''c[FREQ]''' ||:''' ||A''' ||,
+
| '''HttpHeaders''' || A JSON Object containing elements that were present in the header request
 
|-
 
|-
| '''c[REF_AREA]''' ||:''' ||BE''' ||
+
| '''IP''' || The IP of the originating request
 
|-
 
|-
| '''HttpHeaders''' ||: {
+
| '''Path''' || Part of the request's URL and can be used to identify various Web Services. E.g. it could be: "/sdmx/v2" showing a version 2 SDMX request, or "/ws/public/sdmxapi/rest" showing a request to the version 1 API
 
|-
 
|-
| '''host''' ||:''' ||localhost:8084''' ||,
+
| '''PathInfo''' || The extra information added to the "path". This identifies individual structures or datasets being requested.
 
|-
 
|-
| '''user-agent''' ||:''' ||Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0''' ||,
+
| '''Locale''' || The locale used in the request
 
|-
 
|-
| '''accept''' ||:''' ||text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8''' ||,
+
| '''HttpStatus''' || The HTTP Status of the request
|-
 
| '''accept-language''' ||:''' ||en-GB,en;q=0.5''' ||,
 
|-
 
| '''connection''' ||:''' ||keep-alive''' ||
 
|-
 
| '''IP''' ||:''' ||127.0.0.1''' ||,
 
|-
 
| '''Path''' ||:''' ||/sdmx/v2''' ||,
 
|-
 
| '''PathInfo''' ||:''' ||/data/dataflow/BIS/BIS_CBPOL/1.0''' ||,
 
|-
 
| '''Locale''' ||:''' ||en_GB''' ||,
 
|-
 
| '''HttpStatus''' ||: 200
 
 
|-
 
|-
 
|}
 
|}

Revision as of 09:49, 17 January 2024

This page explains details the Audit capabilities of Fusion Edge Server.

Audit File

All Audit information from Fusion Edge Server is written to Audit files which are located in the "Audit" sub-folder of your Edge Server Directory. Audit files are named according to the format:

 EdgeServerAudit_<launch time>_<log index>.json

For example:

 EdgeServerAudit_1704067199000_1.json

The "launch time" value represents the time when the Edhe Server was started. However, this value is expressed as a lengthy numerical figure, indicating the time in milliseconds since 1970.

Audit information will be written to this file until either the Edge Server is terminated or the file reaches the file limit of 10Mb in size. If the file limit is reached, a new file is created with the next incremental Log Index value. Log files that are actively being written to may be "locked" by your Operating System until either the Edge Server is terminated or a new log file is started.

Each Audit file contains JSON, but this is not formatted for ease of reaability. Until the file is "completed", either by termination of the Edge Server, or by a new log file being started, a final closing brace character "]" is required to make the file contents become valid JSON. So you may find that if you wish to look at the currently being written Audit file you have to:

  • Create a copy of the Audit file
  • Open this copy in the editor of your choice (for example Notepad++)
  • Add a final "]" character to the end of the file
  • Format the JSON for readability/

Disabling Audit

Auditing can be disabled by modifying the Edge Server properties file and adding the entry:

 audit.disabled=true

See the properties page for more information.

Contents of the Audit File

It is necessary to have a basic understanding of the JSON format to understand how to parse the Audit file. The file contains a JSON array of items. Each item in the array is a JSON Object. Each JSON Object is identified by "curly braces" { and }. Some JSON objects contain other JSON objects (e.g. "properties" in the example below). Each item in the highest level JSON array, represents a unique logging event in the Edge Server. The following shows an example of one such event:

 {
   "uid": "e3de1d84-2413-4b7a-ae1d-754ad38d3a9f",
   "process_id": "REST_API",
   "thread": "http-nio-8084-exec-8",
   "event_type": "GET",
   "username": "guest",
   "process_start": 1699023147303,
   "process_end": 1699023147342,
   "duration": 39,
   "status": 200,
   "vmid": "a58a00a880f5f938:4d097009:18b95a67fb4:-8000",
   "machine_id": "DESKTOP-DSTGA0Q/192.168.1.14",
   "software_version": "4.7.2.0.0.0",
   "properties": {
     "QueryParameters": {
       "c[FREQ]": "A",
       "c[REF_AREA]": "BE"
     },
     "HttpHeaders": {
       "host": "localhost:8084",
       "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0",
       "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
       "accept-language": "en-GB,en;q=0.5",
       "connection": "keep-alive"
     },
     "IP": "127.0.0.1",
     "Path": "/sdmx/v2",
     "PathInfo": "/data/dataflow/BIS/BIS_CBPOL/1.0",
     "Locale": "en_GB",
     "HttpStatus": 200
   }
 }

The above JSON can be described in the following manner, where the items in brackets indicate the field that is being referred to.

A GET event ("event_type") was performed on on Friday, 3 November 2023 14:52:27.303 GMT ("process_start" of 1699023147303 ) by user "guest" ("username"). This process completed succesfully ("HttpStatus" of 200) and was a request against the Dataflow BIS:BIS_CBPOL(1.0) ("PathInfo"). The query was further constrained by the Frequency of "A" and Reference Area of "BE" ("QueryParameters")

There is more information contained in this one JSON object, but that allows us to get a quick overview of what the request was for.

Elements

The following describes each of the elements that can be found in the file:

uid The Unique Identifier (UID) of the event
process_id
thread The internal thread namethat this ran on within the Edge Server
event_type The HTTP Event Type that was performed
username The identity of the user that performed this request
process_start The start time (in milliseconds since 1970) that this request was performed
process_end The end time (in milliseconds since 1970) that this request was performed
duration The total time (in milliseconds) to complete the request
status The returned HTTP status
vmid The VMID of the system running the request
machine_id The identity of the machine that was running the Edge Server that performed this request
software_version The version of the software of Fusion Edge Server
properties A JSON Object containing parameters submitted in the request
QueryParameters A JSON Object containing keys and values that were in the request (e.g. Key: "FREQ" and value "A")
HttpHeaders A JSON Object containing elements that were present in the header request
IP The IP of the originating request
Path Part of the request's URL and can be used to identify various Web Services. E.g. it could be: "/sdmx/v2" showing a version 2 SDMX request, or "/ws/public/sdmxapi/rest" showing a request to the version 1 API
PathInfo The extra information added to the "path". This identifies individual structures or datasets being requested.
Locale The locale used in the request
HttpStatus The HTTP Status of the request