Audit trails (also called audit log) are set of records that chronologically catalog events or procedures to provide support documentation and history that is used to authenticate security and operational actions, or mitigate challenges. These records provide proof of compliance and operational integrity. Audit trail records will contain details that include user activities, and automated system activities.
Audit Logs is a key feature in Agent Control Center which tracks and monitors all the events and activities performed by the user or system.
This article describes which parts of ACC are provided with Audit Logs.
Audit Logs or Audit Trail in ACC is set with two types:
- DB Logs – Audit log entries stored in database is referred as DB logs.
- File Logs - Audit log entries stored in file is referred as File logs.
Please note that file logs are accessible only with Super Admin privileges.
Agent - Audit Log
Navigate to Agents ->Repository in order to check Audit Logs on Agents.
It contains all the details like Agent Name, Description, Latest Version, Deployment server, Proxy pool, Success Criteria, Rate Limit, Last Updated date, Job Status and Run status.
Click on the context menu of the selected agent to view Audit Logs.
Agent audit logs contains User Name, Audit Types, Operations, Description, Contents and Created. All these details are stored in database.
1. Data Base Logging:
- User Name- This column displays the name of the user by whom changes have been made.
- Audit Types - This column displays the section on which changes have been made by the user.
- Operations - This column displays the action/operation done by the user.
- Description - This column displays the details of action performed by the user.
- Contents- Each action recorded contains raw data under “Contents” column. Click on “Raw Data” link to see contents of the action performed by the user.
- Created - This column displays date and time of action performed by the user.
2. File Logs
Click on the “File Logs” link. It will navigate to Agent File Logs page which contains File Name in text file format, Created date and time and Contents of the log. Click on the “Get Log File” to view the log file contents.
Log file shows the complete information of the actions performed step by step in the agent i.e. Date and time, Operation performed, Cluster Name, Server IP, AgentID, AgentJobScheduleId, AgentRunHistoryId, Input Parameters (if any), LogLevel, IsWindowless, RateLimitID, RunId, SessionId, ServerTime, AgentStartTime and Status Message.
Here’s a tabular format which describes audit log storage based on actions performed by the user or by the automated system.
|Actions||Stored in File||Stored in database|
|Start agent on cluster||Yes|
|Add job schedule||Yes|
|Update job schedule||Yes|
|Delete job schedule||Yes|
|Start job schedule||Yes|
|Start job schedule (Manually Through UI)||Yes|
|Disable job schedule||Yes|
|Enable job schedule||Yes|
|Set status for latest job run||Yes|
|Add agent input data||Yes|
|Update agent input data||Yes|
|Upload agent input files||Yes|
|Delete agent input file||Yes|
|Disable agent input file||Yes|
|Enable agent input file||Yes|
|Agent moved from one to another directory (Same recording is in Agent audit trail window)||Yes|
|Change the Directory name||Yes|
|Add agent in to the Directory||Yes|
|Version updated to the agent (Same recording is in Agent audit trail window)||Yes|
|Adding or deleting sub directory||Yes|
|Deleting sub directory||Yes|
|Add Rate Limit||Yes|
|Update Rate Limit||Yes|
|Reset load counter||Yes|
|Delete Rate Limit||Yes|
|New User Created||Yes|
|Role privileges added||Yes|
|Disable the User||Yes|
|Enable the User||Yes|
|Update the user detail||Yes|
|Change the user password||Yes|
|Generate API access key||Yes|
|Delete the user||Yes|
|Recover the User||Yes|
Directory Audit Trial
In order to access the Directory Audit Trail, navigate to Directory -> Directory Audit Trial on Agent repository page. For Sub-directories click on the context menu of the selected directory.
Both audit logs display the same page which includes the detail of user’s and operations performed by them. Audit trail contains these fields: User Name, Operations, Description, Contents, and Created. Please check above for details of these fields.
Raw Data provides information related to DirectoryId, Name,NameOnServer, Description, Environment, ParentID, Parent, DefaultConsumerUserAccount, IsGeneratedJobFailureTickets, JobRunHistoryRetentionPeriod, TicketRetentionPeriod, DefaultAgentLogLevel, IsLogAgentAndApiActivity, HighResourceUsageAction.
User Audit Log
Navigate to Organization -> Users which displays User Page, Click on the “Audit Logs” from the context menu of the selected user.
This page contains User Name, operations, Description, Contents, Created details.
Raw data of the User Audit log page consists of UserAccountId, UserName, FullName, Email, DirectoryId, IsAccessAllSubDirectories, IsDeleted, IsDisabled.
Please note that Audit logs of User can only be viewed with Admin and Super Admin privileges.
Organization Audit Log
Navigate to Organizations -> Organizations page. Organizations page has the details like Organization name, Rate Limit Required, and Created.
Click on the Context Menu to access the Audit logs of any organization.
Organization Audit trial page contains information regarding User Name, Operations, Description, Contents, and Created.
Raw data shows the details as per the operations or actions made by the user. For example an update made in Rate Limit includes different parameters like RateLimitId, Name, IsLoadLimitEnabled, IsSessionLimitEnabled, IsDomainFilterRegex, IsSuccessOnLimit, IsGenerateTicketOnLimit, IsGlobal, IsAllAgents, DomainFilter, LoadLimit, LoadCounter, LoadCounterStartTime, SessionLimit.
Please note that Audit logs of Organizations can only be viewed with Super Admin privilege.