Data protection
Audit log
Here you can use the Enable logging checkbox to specify that the following events are logged in an Audit.log file in the //vdServerArchive\VD$A\Logs directory. The Audit.log file is an NDJSON file (newline delimited JSON).
- Authentications of all kinds (login, update of internal tokens, etc.)
- Change of passwords
- Change of LDAP configuration
- Change of account policies
- Changes to group roles, users and user rights
- Updates in Maintenance mode
When the Audit.log file has reached a certain size, it is backed up and compressed and a new file is created. After the number of days specified in the Period of retention field, the old files are deleted.
You can use the Audit.log file to detect various anomalies, e.g. logon attempts by a user who should not currently be working on the system or particularly frequent logon errors by a specific user.
The file contains the following fields:
- method: API method or function that writes the entry
- address: IP address of the client that calls the function
- resource_type: resource type (may include some events)
- event: actual event that is being processed
- type: subtype of an event
- identifier: resource that has been updated
- userId: ID of the authenticated user making the request
- diff: differences that have been made
Examples:
{"ts": "2023-03-01T14:41:43.0264917+01:00", "method":"/auvesy.octoplant.authentication.v1.Authentication/Authenticate","address":"[::1]:55562","type":"credentials","resource_type":"authentication","event":"authenticate_failure","identifier":"7f940798-4441-4713-9481-1224b8cd5fe7","user_id":"7f940798-4441-4713-9481-1224b8cd5fe7"}
A user with the ID "7f940798-4441-4713-9481-1224b8cd5fe7" has attempted to log in, but the authentication failed, for example because the password contained a typing error.
{"ts": "2023-03-02T09:45:04.5424827+01:00", "method":"/auvesy.octoplant.usermanagement.v1.UserManagement/BatchUpdateUserManagement", "address": "127.0.0.1:57202","diff":"[{\"type\":\"create\",\"path\":[\"Groups\",\"1\",\"ID\"],\"from\":null,\"to\":\"26ed3e60-53f7-4f18-af72-8da19a1dd6aa\"}]","resource_type": "user","event":"update","identifier":"f45c1717-412f-474e-866b-1477803b34fc","user_id":"7f940798-4441-4713-9481-1224b8cd5fe7"}
A user with the ID "7f940798-4441-4713-9481-1224b8cd5fe7" has made a change in the User Management module: A user with the ID "f45c1717-412f-474e-866b-1477803b34fc" has been assigned to the group with the ID "26ed3e60-53f7-4f18-af72-8da19a1dd6aa".
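The two anomalies mentioned above (frequent logon errors by one user, and authentication events outside working hours) can be checked with a short script. This is an added example, not part of the product or its documentation. It uses the field names as they appear in the example entries (ts, user_id, resource_type, event); the threshold, time window, working hours and sample lines are assumptions.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the layout of the entries above; the user IDs are made up.
SAMPLE = "\n".join(
    '{"ts": "2023-03-01T%s+01:00", "address": "[::1]:55562", "type": "credentials", '
    '"resource_type": "authentication", "event": "authenticate_failure", '
    '"identifier": "%s", "user_id": "%s"}' % (t, u, u)
    for t, u in [
        ("14:41:43.0264917", "user-a"), ("14:41:50.1000000", "user-a"),
        ("14:42:05.5550000", "user-a"), ("14:50:00.0000000", "user-b"),
        ("02:13:09.0000001", "user-c"),
    ]
) + "\nnot json\n"


def parse_ts(ts):
    """Parse a ts value; its 7 fractional digits are cut to 6 for older Pythons."""
    base, frac, tz = re.match(r"(.*T\d\d:\d\d:\d\d)(?:\.(\d+))?(.*)$", ts).groups()
    return datetime.fromisoformat(f"{base}.{(frac or '0')[:6]:0<6}{tz}")


def detect(ndjson, threshold=3, window=timedelta(minutes=5), work_hours=range(6, 20)):
    """Return (burst users, off-hours auth events, unparsable lines); defaults are assumed."""
    recent, bursts, off_hours, skipped = defaultdict(deque), set(), [], 0
    for line in ndjson.splitlines():
        try:
            rec = json.loads(line)
            ts = parse_ts(rec["ts"])
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # non-JSON or incomplete line
            continue
        if rec.get("resource_type") != "authentication":
            continue
        user = rec.get("user_id", "<unknown>")
        if ts.hour not in work_hours:  # hour in the log's own UTC offset
            off_hours.append((user, rec["ts"]))
        if rec.get("event") == "authenticate_failure":
            attempts = recent[user]
            attempts.append(ts)
            while ts - attempts[0] > window:  # drop failures older than the window
                attempts.popleft()
            if len(attempts) >= threshold:
                bursts.add(user)
    return bursts, off_hours, skipped
```

Calling `detect(SAMPLE)` processes the constructed lines; for a real file, pass the contents of Audit.log, and feed entries in chronological order so the sliding window per user stays valid.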