Difference between revisions of "Fusion Edge Server Audit"
(→Elements) |
(→Elements) |
||
Line 81: | Line 81: | ||
| '''event_type''' || The HTTP Event Type that was performed | | '''event_type''' || The HTTP Event Type that was performed | ||
|- | |- | ||
− | | '''username''' || The | + | | '''username''' || The identity of the user that performed this request |
|- | |- | ||
− | | '''process_start''' || | + | | '''process_start''' || The start time (in milliseconds since 1970) that this request was performed |
|- | |- | ||
− | | '''process_end''' || | + | | '''process_end''' || The end time (in milliseconds since 1970) that this request was performed |
|- | |- | ||
− | | '''duration''' || | + | | '''duration''' || The total time (in milliseconds) to complete the request |
|- | |- | ||
− | | '''status''' || | + | | '''status''' || The returned HTTP status |
|- | |- | ||
− | | '''vmid''' || | + | | '''vmid''' || The VMID of the system running the request |
|- | |- | ||
− | | '''machine_id''' || | + | | '''machine_id''' || The identity of the machine that was running the Edge Server that performed this request |
|- | |- | ||
− | | '''software_version''' || | + | | '''software_version''' || The version of the software of Fusion Edge Server |
|- | |- | ||
− | | '''properties''' || | + | | '''properties''' || A JSON Object containing parameters submitted in the request |
|- | |- | ||
− | | '''QueryParameters''' ||: | + | | '''QueryParameters''' || A JSON Object containing keys and values that were in the request (e.g. Key: "FREQ" and value "A") |
|- | |- | ||
− | | ''' | + | | '''HttpHeaders''' || A JSON Object containing elements that were present in the header request |
|- | |- | ||
− | | ''' | + | | '''IP''' || The IP of the originating request |
|- | |- | ||
− | | ''' | + | | '''Path''' || Part of the request's URL and can be used to identify various Web Services. E.g. it could be: "/sdmx/v2" showing a version 2 SDMX request, or "/ws/public/sdmxapi/rest" showing a request to the version 1 API |
|- | |- | ||
− | | ''' | + | | '''PathInfo''' || The extra information added to the "path". This identifies individual structures or datasets being requested. |
|- | |- | ||
− | | ''' | + | | '''Locale''' || The locale used in the request |
|- | |- | ||
− | + | | '''HttpStatus''' || The HTTP Status of the request | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | | '''HttpStatus''' || | ||
|- | |- | ||
|} | |} |
Revision as of 09:49, 17 January 2024
This page explains details the Audit capabilities of Fusion Edge Server.
Audit File
All Audit information from Fusion Edge Server is written to Audit files which are located in the "Audit" sub-folder of your Edge Server Directory. Audit files are named according to the format:
EdgeServerAudit_<launch time>_<log index>.json
For example:
EdgeServerAudit_1704067199000_1.json
The "launch time" value represents the time when the Edhe Server was started. However, this value is expressed as a lengthy numerical figure, indicating the time in milliseconds since 1970.
Audit information will be written to this file until either the Edge Server is terminated or the file reaches the file limit of 10Mb in size. If the file limit is reached, a new file is created with the next incremental Log Index value. Log files that are actively being written to may be "locked" by your Operating System until either the Edge Server is terminated or a new log file is started.
Each Audit file contains JSON, but this is not formatted for ease of reaability. Until the file is "completed", either by termination of the Edge Server, or by a new log file being started, a final closing brace character "]" is required to make the file contents become valid JSON. So you may find that if you wish to look at the currently being written Audit file you have to:
- Create a copy of the Audit file
- Open this copy in the editor of your choice (for example Notepad++)
- Add a final "]" character to the end of the file
- Format the JSON for readability/
Disabling Audit
Auditing can be disabled by modifying the Edge Server properties file and adding the entry:
audit.disabled=true
See the properties page for more information.
Contents of the Audit File
It is necessary to have a basic understanding of the JSON format to understand how to parse the Audit file. The file contains a JSON array of items. Each item in the array is a JSON Object. Each JSON Object is identified by "curly braces" { and }. Some JSON objects contain other JSON objects (e.g. "properties" in the example below). Each item in the highest level JSON array, represents a unique logging event in the Edge Server. The following shows an example of one such event:
{ "uid": "e3de1d84-2413-4b7a-ae1d-754ad38d3a9f", "process_id": "REST_API", "thread": "http-nio-8084-exec-8", "event_type": "GET", "username": "guest", "process_start": 1699023147303, "process_end": 1699023147342, "duration": 39, "status": 200, "vmid": "a58a00a880f5f938:4d097009:18b95a67fb4:-8000", "machine_id": "DESKTOP-DSTGA0Q/192.168.1.14", "software_version": "4.7.2.0.0.0", "properties": { "QueryParameters": { "c[FREQ]": "A", "c[REF_AREA]": "BE" }, "HttpHeaders": { "host": "localhost:8084", "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0", "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "accept-language": "en-GB,en;q=0.5", "connection": "keep-alive" }, "IP": "127.0.0.1", "Path": "/sdmx/v2", "PathInfo": "/data/dataflow/BIS/BIS_CBPOL/1.0", "Locale": "en_GB", "HttpStatus": 200 } }
The above JSON can be described in the following manner, where the items in brackets indicate the field that is being referred to.
A GET event ("event_type") was performed on on Friday, 3 November 2023 14:52:27.303 GMT ("process_start" of 1699023147303 ) by user "guest" ("username"). This process completed succesfully ("HttpStatus" of 200) and was a request against the Dataflow BIS:BIS_CBPOL(1.0) ("PathInfo"). The query was further constrained by the Frequency of "A" and Reference Area of "BE" ("QueryParameters")
There is more information contained in this one JSON object, but that allows us to get a quick overview of what the request was for.
Elements
The following describes each of the elements that can be found in the file:
uid | The Unique Identifier (UID) of the event |
process_id | |
thread | The internal thread namethat this ran on within the Edge Server |
event_type | The HTTP Event Type that was performed |
username | The identity of the user that performed this request |
process_start | The start time (in milliseconds since 1970) that this request was performed |
process_end | The end time (in milliseconds since 1970) that this request was performed |
duration | The total time (in milliseconds) to complete the request |
status | The returned HTTP status |
vmid | The VMID of the system running the request |
machine_id | The identity of the machine that was running the Edge Server that performed this request |
software_version | The version of the software of Fusion Edge Server |
properties | A JSON Object containing parameters submitted in the request |
QueryParameters | A JSON Object containing keys and values that were in the request (e.g. Key: "FREQ" and value "A") |
HttpHeaders | A JSON Object containing elements that were present in the header request |
IP | The IP of the originating request |
Path | Part of the request's URL and can be used to identify various Web Services. E.g. it could be: "/sdmx/v2" showing a version 2 SDMX request, or "/ws/public/sdmxapi/rest" showing a request to the version 1 API |
PathInfo | The extra information added to the "path". This identifies individual structures or datasets being requested. |
Locale | The locale used in the request |
HttpStatus | The HTTP Status of the request |