If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Audit

The Audit tab lets you visualize the information collected by the Audit module. The Audit module is an optional component that retrieves audit logs from the Metadata Management Module (MMM) and the Data Processing Module (DPM).

For more information about how to configure the Audit module, see Audit Configuration.

Take note of the following:

Audit logs are stored in a separate PostgreSQL database and can also be queried through GraphQL. For more information, see Audit API.
Audit logs can be enabled on a specific entity by adding the following MMD trait to the entity configuration: audit:auditEnabled. For more information, see Traits.

Overview

The Audit UI provides a list of all available audit logs with the following information shown for each entry:

Time: The date and time at which an operation occurred.
User: The name of the user responsible for the action.
Action: The type of action performed, for example: OPERATION, FINISH_SUCCESS, READ.
Operation: Describes the action taken by user, for example, Access detail, Detect anomalies, List, Check catalog item DQ availability. The values are provided dynamically based on the input from the audited modules.
Asset type: The type of asset, such as attribute, catalogItem, connection, credential, location, source.
Asset name: The name of the asset. Not available if the asset is not listed.

You can search the list by asset name or filter based on the user, action, operation, or date range.

View entry details

To display more details about a particular audit log entry, select the entry from the list. The information is grouped as follows:

Operation: In addition to Action, Operation, Type (Asset type), Asset name, and User name (User), which are already shown in the audit logs overview, the detailed view provides the following:
- Asset ID: The unique identifier of the asset. Not available if the asset is not listed.
- Correlation ID: The identifier that links the asset to all the operations related to that asset. See Related operations.
Related operations: A list of operations associated with the selected operation or asset. For each operation listed, you can see the following information: Time, Action, Operation, Asset type, Asset name.
Affected assets: A list of assets that were accessed in order to fulfill the action taken by user. For each asset, the following information is shown: Time, Action, Asset type, Asset name.
(Optional) Additional information: Some operations contain a list with additional information. With some properties, you can drill down for more details. The included information depends on the type of operation.

Export audit logs

In this version, the feature is experimental. In addition, its availability may vary depending on your distribution.

When the Export feature is configured, audit logs can be exported from the audit database to a designated ONE Object Storage (MinIO) bucket following a predefined schedule. It is also possible to define how often the exported files are cleaned.

Audit entries are exported in the form of two CSV files, one for operations (audit_export_operations_YYYY-MM-DD.csv) and one for accessed assets (audit_export_assets_YYYY-MM-DD.csv). Files follow the same structure that is used in the audit API database, with the exception that the module name that is not stored in a separate table in this case. The following schemas are used:

Operations: "id", "correlationId", "user", "userId", "userName", "time", "action", "operation", "assetType", "assetName", "assetId", "moduleName", "violation".
Assets: "id", "correlationId", "type", "assetType", "assetId", "action", "violation", "moduleId", "moduleName", "moduleHost", "time", "user", "assetName", "userId", "userName".

To enable exporting, the following requirements must be met:

In the Audit module configuration, set up the connection to ONE Object Storage using the following properties:

ataccama.one.object-storage.storages[0].is-default=true
ataccama.one.object-storage.storages[0].storage-id=export
ataccama.one.object-storage.storages[0].env=test;
ataccama.one.object-storage.storages[0].storage-type=MINIO
ataccama.one.object-storage.storages[0].connectionProperties.url=http://localhost:8091
ataccama.one.object-storage.storages[0].connectionProperties.access-key=minio
ataccama.one.object-storage.storages[0].connectionProperties.secret-key=minio-secret
ataccama.one.object-storage.storages[0].connectionProperties.tmp-expiration=3600000

For more information, see ONE Object Storage Configuration and Audit Configuration.

In the Audit Module configuration, specify how exporting should work.
- Enable the Export feature through the following property:
  ataccama.audit.export.enabled=true
- Provide additional information regarding the connection to ONE Object Storage, such as the storage identifier and the bucket name. If you are not using the default value for ataccama.audit.export.storage-id, make sure to update the property ataccama.one.object-storage.storages[0].storage-id accordingly.
  ataccama.audit.export.storage-id=export ataccama.audit.export.bucket-name=audit-export
- (Optional) Edit the following properties if you do not want to use the default values set for the audit logs retention period and exporting and cleaning schedules. The retention period is expressed in DAYS, while the exporting and cleaning schedules use Cron expressions. By default, the Audit module attempts to export data from the previous day every 2h if the logs are not already exported. In addition, files older than 14 days are removed from the bucket.
  ataccama.audit.export.retention-period=14 ataccama.audit.export.cron=0 0 1/2 ? * * ataccama.audit.export.cleanup-cron=0 0 1 * * ?
To be able to retrieve the exported audit logs using the MinIO/S3 API, make sure you have the necessary credentials for ONE Object Storage.

Was this page useful?