Managing Audit Trails

The audit trails list

Here you can view, edit and delete your audit trails, and add new ones.

Adding an audit trail

To add an audit trail, click the add button in the top right corner of the page. This opens the audit trail form.

Deleting audit trail(s)

To delete one or multiple audit trails, select the rows in the list and click the Delete button in the top right corner of the page.

Viewing an audit trail

To view an audit trail you can double-click on the desired audit trail or click on the eye in the view column.

Editing an audit trail

To edit an audit trail, click on the pencil in the edit column. This opens the audit trail form.

The audit trail form

This form allows you to create or edit audit trails. You can combine search parameters to filter the events recorded by the server and get what you need.

Name and description

You need to give a unique name to your audit trail and a description.

Search parameters

Sort by
You can sort by Time, Type, Target, Object Name, Object ID, and Username. The sorting is in ascending order. The default sorting is by time.

Period
You can search for events that occurred Today, This week, This month, This year, Last days, Last weeks, Last months, Last years.
When you select an option starting with "Last" you may specify an amount.

Username
You can filter events by the username of the user who made them. It needs to be the exact username.
Some events, such as "Login failed", can't record users, so keep that in mind when using this parameter.

Browser
You can filter events using the information in the browser column of the events.
The filter checks whether your entry is contained in the browser info.
In our example we use "Firefox". If an event's browser info contains "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0", the event is kept in the search.

URL
You can filter events using the URL that was used in the event. It needs to be the exact path.

IP
You can filter the events using the IP used in the event. It needs to be the exact IP. You can search for multiple IPs at the same time.

Types and Targets
You can select the Type of the event. You can select multiple Types. For every Type filter you add, you can also select the Target of the event. You can select multiple Targets per Type. Putting no filter is the same as putting an "All" filter.

When you are done tuning the audit trail to your needs inside the form you can save it, and it will create/update the audit trail. You will then find your audit trail in the audit trails list page.
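The matching rules described above can be modelled in a few lines to see which events a given set of parameters keeps. This is an added example, not the product's code or export schema: the field names, the Types and Targets other than "Login failed", the sample events, the case-sensitive browser match, the AND combination of filters and the treatment of an empty Target selection as "All" are assumptions.

```python
# Constructed events; field names, Types and Targets are assumptions.
FIREFOX = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) "
           "Gecko/20100101 Firefox/119.0")
EVENTS = [
    {"type": "Login", "target": "User", "username": "alice",
     "ip": "10.0.0.5", "url": "/login", "browser": FIREFOX},
    {"type": "Login failed", "target": "User", "username": None,
     "ip": "203.0.113.7", "url": "/login", "browser": "curl/8.4.0"},
    {"type": "Login failed", "target": "User", "username": None,
     "ip": "203.0.113.7", "url": "/login", "browser": "curl/8.4.0"},
    {"type": "Delete", "target": "Workflow", "username": "alice",
     "ip": "10.0.0.5", "url": "/workflows/12", "browser": FIREFOX},
]


def matches(event, username=None, browser=None, url=None, ips=(), types=None):
    """Return True when the event passes every filter that is set (AND)."""
    if username is not None and event["username"] != username:
        return False                      # Username: exact match only
    if browser is not None and browser not in event["browser"]:
        return False                      # Browser: substring of browser info
    if url is not None and event["url"] != url:
        return False                      # URL: exact path
    if ips and event["ip"] not in ips:
        return False                      # IP: exact match against any listed IP
    if types:                             # no Type filter behaves like "All"
        targets = types.get(event["type"])
        if targets is None:
            return False                  # event Type was not selected
        if targets and event["target"] not in targets:
            return False                  # Targets chosen for this Type exclude it
    return True


def run_trail(events, **filters):
    """Apply one set of search parameters to a list of events."""
    return [e for e in events if matches(e, **filters)]


if __name__ == "__main__":
    by_user = run_trail(EVENTS, username="alice")
    by_source = run_trail(EVENTS, ips={"203.0.113.7"},
                          types={"Login failed": set()})
    print(len(by_user), "events for alice; failed logins included:",
          any(e["type"] == "Login failed" for e in by_user))
    print(len(by_source), "failed logins from 203.0.113.7")
```

In this model the Username filter returns none of the "Login failed" events, so a trail meant to review failed logins is better built on Type and IP than on Username.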

The audit trail view

From here you can view the parameters of the audit trail and the number of events found with that audit trail the last time you used it. You can also go to the edit form, go back to the list or access the results of the audit trail.

Using the audit trails

There are two ways of using and accessing the results of your audit trails:

The manual way

You need to access the results from the audit trail view page.

Here are the results of an audit trail with no search parameters, which means that it extracts every event.

From here you can preview the results and export them in three file formats: JSON, XML and CSV. You can choose whether the file name includes a timestamp. Upon clicking "Save", a download will start. The results you exported will contain a more detailed browser entry and an "event_more_info" entry that, depending on the type of event, can contain information

The workflow way

You can use the "Audit trail" task in the workflow designer to automatically export the results of the audit trail of your choice to a local directory on the server using a file connector.

Configuring how much time the audit events stay in the database

The factory.ini file, found at ait_factory/conf/factory.ini, contains a variable called STORING_TIME_IN_DAYS at line 186. Use it to define the number of days you want the events to stay in the database.