Skip to main content
Version: 7.9

Audit Log

Introduction

The audit log maintains records of user actions happening in the system for security auditing and compliance purposes. The types of records being recorded include:

  • Successful user authentication.
  • Failure of Create, Update, or Delete (CUD) operations on security objects such as users, roles, and groups.
  • Success and failure to access (read) security objects such as users, roles, and groups.
  • Success and failure of CUD operations from UI on Automations and ActionTasks, including their versions.
  • Success and failure to access (read) Automations and ActionTasks from UI only.
  • IP addresses of external systems accessed by pull-type gateways.

Accessing the Audit Log

Take the following steps to view the audit log:

  1. Log in to Resolve Actions Pro as an admin.
  2. Go to Main Menu > System Logs > Audit Log.

On the dashboard that appears, you can browse the audit log, search it, filter it down, and export it.

Exporting the Audit Log

Take the following steps to export the audit log in CSV format:

  1. Log in to Actions Pro as an admin.
  2. Go to Main Menu > System Logs > Audit Log.
  3. Click Export and save the export to your local system.

Configuring Retention

Audit log records are stored in the SQL database. You can control for how long they are kept before being deleted.

There is no option to delete the entire Audit Log.

Use the following system property to control the retention period of audit log records:

  • rsview.auditlog.retention.days - A period (in days) for which to keep an audit log records before deleting it. Valid values: 1 to 365. Zero, negative values, and non-integer values are revised to 30. Values over 365 are revised to 365. Defaults: 30 (Commercial), 90 (Government).

You can change system properties by going to Main Menu > System Administration > System Properties.

Data Tempering Mitigation

Audit log records are stored in the SQL database. Each record is protected with a cryptographic fingerprint to mitigate tempering attempts. The cryptographic fingerprint is then used to verify if the record is valid before showing it on the Audit Log screen as green in the Hash column.

Generic Audit Log Settings

Use the system properties listed in the table below to control different aspects of the audit log.

You can change system properties by going to Main Menu > System Administration > System Properties.

  • rsview.auditlog.filter.tolerance—Time tolerance (in seconds) used when searching the audit log. It only applies when searching on the Created On field using the between filter.

    Both the start time and the end time of the filter are extended with the tolerance. Given a tolerance of 5, 5 sec will be added before the start time and another 5 will be added after the end time, increasing the time frame by a total of 10 seconds.

    Defaults:

    • Commercial release: 0
    • Government release: 5