Audit Messages

ESF 7 introduces support for logging audit messages and new dedicated APIs.
The purpose of these APIs is to track some information about the origin of external requests. Like the entrypoint, the device ip and user which performed a particular action.
Examples of entrypoints are the WebConsole, ESF Rest service and MQTT request handler calls.

The format of the logged messages is similar to the following:

Feb 22 09:34:17 reliagate-10-14 ESF[4197]: {entrypoint=WebConsole, identity=admin, ip=172.16.0.100, web.path=/admin/denali/component, rpc.method=GwtComponentServiceImpl.findComponentConfigurations, session.id=node01b8ximf0w0tahpe06l6yzw20x0} UI Component - Success - List component configurations

A audit message has the following structure:

{ properties } component_name - result - description

Where

  • properties is a comma separated list of key=value pairs
  • component_name is a string that identifies the component that produced the audit message
  • result is either Success or Failure
  • description is a descriptive string

Some of the property keys are defined by Kura APIs:

  • entrypoint: Identifies the entrypoint of the audit message, this property is always present. possible values are:
    • WebConsole: refers to messages originated by a Web Console interaction
    • RestService: refers to messages originated by a REST request
    • DefaultCloudConnectionService: refers to messages originated by a MQTT request handler call performed by the default CloudConnectionService implementation
    • Internal: refers to messages whose origin cannot be tracked
  • ip: The IP address of the device with performed the request, can be missing.
  • identity: The Kura Identity associated with the request, can be missing.

other property keys can be added by the specific entrypoint.