Audit Log

Whenever an action that creates, updates or deletes an entity in OS2iot, it is logged. This is referred to as audit logging, since it can be used to audit who have performed changes to certain entities.

Storage of log-files

The OS2iot backend logs to std-out rather than a file. It is up to the operations team to gather these file and persist them if necessary. This could be in an ELK-stack, Prometheus or similar.

Reading the audit-logged

The audit log is logged in JSON format like so:

[Nest] 16976   - 2020-12-01 10:50:37   [AuditLog] {"userId":1,"timestamp":"2020-12-01T09:50:37.950Z","actionType":"CREATE","type":"Application","id":271,"name":"Demo for audit log","completed":true}

Formatting the JSON part to be more readable yields this:

    "userId": 1,
    "timestamp": "2020-12-01T09:50:37.950Z",
    "actionType": "CREATE",
    "type": "Application",
    "id": 271,
    "name": "Demo for audit log",
    "completed": true

Explaination of each part:

  1. userId
    1. This is the id of the user who performed the action.

  2. timestamp
    1. This is the time the action was performed, this is given in zulu time (without timezone).

  3. actionType
    1. This is the type of action which was performed, can be either CREATE, UPDATE, or DELETE.

  4. type
    1. This is the type of entity which was changed, for instance Application, User, or IoTDevice.

  5. id
    1. This is the id of the entity which was changed. This can be null, for instance if it was a CREATE that failed.

  6. name
    1. This is the name of the entity if applicable, otherwise it can be null.

  7. completed
    1. This is a boolean indication if the action was completede or not, in other words if it was successful.