Component: Audit Log Export

Introduction

Audit Log Export component is a component that exports audit log data periodically. Which data can be exported and how it is represented in the output file can be configured flexibly. The version 1.0.0 only supports CSV output file but it is designed to be extendable.

Features

Settings

Settings page is used to manage general settings of the components, such as connection and output file. The settings will be automatically created if it does not exist.

Settings page

Edit Settings

To edit the settings, click on the Edit button.

Settings edit button

The dialog of Edit Settings will be opened. On the dialog, you can see two sections:

Settings edit dialog

General settings

SFTP Connection: This setting is required. You must select one SFTP connection from the dropdown list on the dialog.

When an SFTP connection is selected, the information of the corresponding Host, Port, and Root path will be shown.

Note: Read SFTP hub to learn how to set up SFTP connection

File settings Below are settings for the output file. These settings, when are set, will override the settings of the plugin which handles the output file.

File type [required]: You can choose the type of the output file via this setting. CSV is the only option in the current version of the component.
Culture [optional]: It is the culture information of the output file which affects formats of some values in the file. The default value is the current culture of the web server.
Date time format [optional]: Values which are date time will follow this format setting. If the setting is unset, the short date format of the set or current culture will be used.
Encoding [optional]: This setting specifies how the content of the file is encoded. The default value is UTF-8.
Byte order mark (BOM): The checkbox indicates whether the BOM should be inserted to the file or not. It also depends on the encoding setting. If the used encoding does not support BOM then this setting is ignored. By default, the BOM is disabled.
Escape character [optional]: If it is defined, the defined character will be escaped in the content of the file.
Enclosing character [optional] [For CSV only]: If any value in the file needs to be enclosed, the component will use this defined character to enclose the value.
Enclose all [For CSV only]: With this setting enabled, the component will enclose all values in the content of the file.
Delimiter [optional] [For CSV only]: The string that separates fields' values in the content of the output file. If it is not defined, the component will use the delimiter from the the set or current culture.

Audit Log Collection Manager

Audit Log Export component provides flexible configurations for what and how audit logs are exported.

On this page, you can view, add, edit or delete audit log collection configurations. In addition, this page also provides import and export features that help to move the configurations around different environments. These two features can also be used to do the restore and backup tasks.

Audit log collection manager

This page has a basic layout which consists of a list and some actions to manipulate items on the list.

Audit Log Collection List

The list includes 9 columns:

Collection name:: The name of the collection
Description: Some details or notes about the collection
Partition field: The field which is used to split the data into partitions for each run
Maximum records per file: The number of maximum records can be included in one file
Worker sites: The worker sites' names that are used to filter audit logs
Created at: The date time that the collection is created
Modified at: The latest date time that the collection is modified
Modified by: The name of the user that modified the collection
Active: Indicates if the collection is included in a run

Audit log collection list

Add or Edit Audit Log Collection

To add a new audit log collection, click on the Add button. To edit an existing audit log collection, click on the Edit button.

Add or edit audit log collection

On the popup dialog, you can input the configuration for the audit log collection:

Audit log collection add/edit dialog

Collection name [required]: You must input a representative name of the collection.
File name pattern [required]: The pattern of the file name. The name of the output file will follow this pattern. Because of that, the pattern cannot contain any of the following characters: \ / : * ? " < > |. However, the component supports some dynamic fields for the pattern:
- Use [[collection_name]] for the collection's name
- Use [[timestamp@]] for the current timestamp in a specific format. For example, [[timestamp@yyyy.MM.dd HHmm]]
- Use [[file_index]] for the index of the file. Don't use it if you want the system handles it automatically
Description [optional]: You can write anything you want in this field to describe the collection.
Partition field [optional]: Select a field that separate the audit logs in each run.
Maximum records per file [optional]: Enter a maximum number of records in an output file.
Audit log types [required]: Currently, there are two types of audit logs, one is Authorization and the other is Data Object. You can select one or both of them. The component will only export the audit logs which have the type that you select.
Worker sites: Audit logs can come from different worker sites. If you wish to get the audit logs on some specific worker sites, you can select as many as you want here. If you want all audit logs regardless of worker sites, you can just leave it empty.
Active: Mark it if you want the component to export audit logs for this collection. Otherwise, the component will ignore the collection.

Beside above configurations, you can also tell the component what data fields to be exported. The next section on the dialog is the list of the data fields.

Data fields

Here are attributes that can be configured for a data field:

Data source [required]: Select a data source from the dropdown list. For data fields that belong to the audit log, select AuditLog.
Name [required]: When the data source is changed, the selectable list of fields' names is changed correspondingly.
Alias [optional]: If it is defined, the component will use it as the header in the output file. If it is empty, the component will use the original field's name instead.
Transform rule [optional]: If you want to transform the raw data, select a proper rule. The data will be transformed before the file is generated.

After filling in the information, click on Save and close button to complete adding or editing the collection configuration.

Delete an Audit Log Collection

Select an audit log collection and click on the Delete button to delete an Audit log collection configuration.

Delete audit log collection

After clicking on the button, a confirmation dialog will be displayed. If you click on the Yes button, the configuration will be deleted immediately. If you select the No button, the deletion will be cancelled.

Delete audit log collection confirmation

Export Audit Log Collection Configurations

To export one or several audit log collection configurations, select them, then click on the Export button. The download will be started shortly. If there is no selection, the component will export all configurations.

Export audit log collection configurations

Import Audit Log Collection Configurations

Before getting started, please noted that all the data collection configs that exist in the destination environment will be overridden (Identified by collection name). To import audit log collection configurations, click on the Import button to open the import dialog.

Audit log collection configurations import dialog

Then, click on the placeholder of the File upload field to open file selection dialog.

Next, select a JSON file to import. After selecting the file, click on the Import button to start the import process. Click on Cancel button if you want to call off.

Audit log collection configurations import buttons

Scheduled Job

The export process is started automatically from a scheduled job. This scheduled job is configured to run daily at a specific time which varies for different applications.

When the time is up, the export starts. It will only process for active audit-log collections, one by one. If the collection is defined with the Partition field, the component will only get the audit logs, of which the partition field's value is between the latest successful run to the current time. Otherwise, the time is not taken in to the account.

After the audit logs are retrieved and all of the output files are generated successfully, the component will upload those prepared files to the SFTP server which is configured in the General settings. If there is any file which cannot be generated, the process will be cancelled.

All files are listed on the Audit log files page.

Audit Log File List

On the Audit log files page, you can see a list of audit log files which are involved in previous runs. Besides, you can also download generated files.

Here is the image of the page:

Audit log file list

As you can see in the screenshot, there are 5 columns on the file list, each shows different information:

File name: Obviously is the name of the file
Collection name: The name of the collection that the file belongs to
Status: The status of the file. Each file can have one out of seven different statuses:
- New: The component is ready to create the file
- Preparing: The content of the file is being prepared. The component is creating the file
- Failed to prepare: The component fails to prepare the file. The file is not created
- Prepared: The preparation of the file is complete. The file is saved to the application's storage
- Uploading: The file is being uploaded to the remote host
- Failed to upload: Something goes wrong while the file is being uploaded to the remote host
- Uploaded: The file is successfully uploaded
Created at: The timestamp that the file is prepared and saved to the storage at
Error message: Error that happens in the process

To download a file, select it on the list and click on the Download button. The file is available to be downloaded only if its status is Prepared, Uploading, Failed to upload or Uploaded.

Download audit log file

Installation

Requirements

Casewhere 2.6.0 or later.

Configuration

Import products: Casewhere SFTP Hub, Product-Cw CSV and Casewhere Audit Log Export
Link the administration page to your worker sites and configure access control
Configure the SFTP hub folder and SFTP connection
Configure the Audit Log Export settings

Dependencies

Component: SFTP hub
Plugin: CSV

Releases

1.0.0 - 06/06/2022

Changelog

Audit log export settings
Collection configuration
Output file list page

Download (login required): Audit Log Export v1.0.0

Roadmap

More format
Support different data storage: Sharepoint, Azure storage rather than SFTP