Audit Messages
ESF 7 introduces support for logging audit messages and new dedicated APIs.
The purpose of these APIs is to track some information about the origin of external requests. Like the entrypoint, the device ip and user which performed a particular action.
Examples of entrypoints are the WebConsole, ESF Rest service and MQTT request handler calls.
The format of the logged messages is similar to the following:
Feb 22 09:34:17 reliagate-10-14 ESF[4197]: {entrypoint=WebConsole, identity=admin, ip=172.16.0.100, web.path=/admin/denali/component, rpc.method=GwtComponentServiceImpl.findComponentConfigurations, session.id=node01b8ximf0w0tahpe06l6yzw20x0} UI Component - Success - List component configurations
A audit message has the following structure:
{ properties } component_name - result - description
Where
- properties is a comma separated list of key=value pairs
- component_name is a string that identifies the component that produced the audit message
- result is either
Success
orFailure
- description is a descriptive string
Some of the property keys are defined by Kura APIs:
- entrypoint: Identifies the entrypoint of the audit message, this property is always present. possible values are:
WebConsole
: refers to messages originated by a Web Console interactionRestService
: refers to messages originated by a REST requestDefaultCloudConnectionService
: refers to messages originated by a MQTT request handler call performed by the default CloudConnectionService implementationInternal
: refers to messages whose origin cannot be tracked
- ip: The IP address of the device with performed the request, can be missing.
- identity: The Kura Identity associated with the request, can be missing.
other property keys can be added by the specific entrypoint.
Updated almost 4 years ago