Audit Trail
Configuration Audit Trail will log all configuration operations that can be associated with an user identity, to persistent storage. Such operations are:
- Changing Apis Hive properties
- Adding and removing Apis modules
- Changing Apis Hive- and Apis Hive Module properties
- Adding, removing and renaming Apis Hive items
- Adding, removing and changing Apis item attributes
- Apis external item configuration, adding and removing external items and changing expressions.
- Apis Event Broker configuration, connecting and disconnecting events and commands
- Semantic model configuration
To enable audit trails in your APIS configuration, you must first enable security. To enable security, please see here: Security
Enable Configuration Audit Trails in Apis Hive instance
To enable security, open the Windows registry editor on the machine where Apis Foundation is installed, and navigate to:
HKEY_LOCAL_MACHINNE/SOFTWARE/Prediktor/Apis/<Your Hive Instance>/Security/ConfigAudit
Set the "Enabled" registry value to 1.
Set the "WriteToFile" registry value to 1, enable writing of configuration audit trail events to plain text files.
If you leave the registry value "WriteToFile_Path" empty/blank, the files will be written to the folder:
- <Install Directory>\Config\<Your Hive Instance>\AuditTrail
or, override this default behavior by entering a fully qualified path in the "WriteToFile_Path" key.
File format
The configuration audit trail text files, gets the file extension ".audlog" and a maximum size of 25 MBytes before a new file is created. File names are generated from the current system date and time, expressed in Coordinated Universal Time (UTC).
The file format is a TAB separated file containg lines like this:
<time of event (utc)><user identity><config operation><variable length config operation metadata>...
The files can easily be opened in any editor that can read text files.
Tip: you open the files in Excel as TAB separated text files, you can use Filtering on columns to more easily search for user identities and/or operations.
Example:
2018-09-27 06:28:33,7631785 <ApisConfigAuditFileWriter> Audit trail starting
2018-09-27 06:46:59,3619059 PREDIKTOR\username ModuleAdded WorkerDEMO
2018-09-27 06:47:13,8699130 PREDIKTOR\username ItemAdded WorkerDEMO.Sine
2018-09-27 06:47:33,3106825 PREDIKTOR\username ItemAttributeChanged WorkerDEMO.Sine Amplitude 100
...
2019-09-27 06:49:38,0063460 <ApisConfigAuditFileWriter> Audit trail stopping