Audit Trail Records
Purpose¶
Configure and write audit trail records to a configured Big Data channel.
Methods¶
Binding name: p6.audit
Method: boolean open(String id, String schemaUri)
Creates or checks for the existence of the audit channel with the given id.
Once the named audit channel has been created this method no longer needs to be called.
The schemaUri must point to a local file (e.g. protocol file: only), a JSON formatted file that describes the structure of the audit record.
Returns true if channel already exists or creation was successful
Method: void post(String id, Map values)
Posts an audit record to the named audit channel using the supplied values.
The id must be the name of a previously opened audit channel.
The values map is a map of String keys with either String values or lists of other values map (in the case of nested audit record).
Method: void post(String id, String values)
Posts an audit record to the named audit channel using the supplied values String.
The id must be the name of a previously opened audit channel.
The values map is a String formatted appropriately for the auditing provider. For example: JSON for ELASTICSEARCH
Details¶
Supported auditing providers:
- LOG4J log4j
- ELASTICSEARCH Elasticsearch from Elastic
The provider is specified in the Platform 6 application.conf file.
The provider attributes are also specified in the application.conf and vary depending upon the chosen provider.
p6.service.auditing.provider=ELASTICSEARCH
p6.audit.elasticsearch {
host: "log.amalto.com"
port: 9200
scheme: "http"
}
Application identifier
Both Google BigQuery and Elastic Search can be shared by multiple instances of Platform 6.
Therefore the Platform 6 application_id is used to extend and uniquely name each audit trail.
For more details see Audit Provider documentation: Audit Providers.
Examples¶
JSON is used to define the structure (schema) of an audit trail. The syntax differs depending upon the audit provider type:
ELASTICSEARCH: es-myindex.json
{
"mappings": {
"myindex": {
"_all": {
"enabled": false
},
"properties": {
"timestamp": {
"type": "date",
"format": "YYYY-MM-dd HH:mm:ss.SSSZ"
},
"company": {
"type": "text",
"fields":{"keyword":{"type":"keyword","ignore_above":256}}
},
"amount": {
"type": "float"
},
"taxes": {
"type": "nested",
"properties": {
"salestax": {
"type": "float"
},
"taxrate": {
"type": "float"
}
}
}
}
}
}
}
Elasticsearch Schema
The Platform 6 audit trail client auto-generates a timestamp value. So it is advisable to add a mapping definition.
This is an example Groovy script which created the defined structure using JSON.
def success = p6.audit.open("myindex")
println success
Writing to an audit trail
Writing (posting) to an audit trail is simple in Groovy.
def auditValues = [:]
auditValues["company"] = "Amalto"
auditValues["amount"] = 101.12
p6.audit.post "myindex", auditValues
Note
Once an audit trail table has been created there is no need to use the ‘open’ method again… unless you need to validate its existence.
Writing to a nested audit trail
Writing to a nested RECORD is more tricky.
def auditValues = [:]
def taxValues = []
def taxValue1 = [:]
taxValue1["salestax"] = 12.35
taxValue1["taxrate"] = 10
taxValues.push(taxValue1)
def taxValue2 = [:]
taxValue2["salestax"] = 123.45
taxValue2["taxrate"] = 100
taxValues.push(taxValue2)
auditValues["taxes"] = taxValues
auditValues["company"] = "Amalto"
auditValues["amount"] = 123.45
p6.audit.post "myindex", auditValues