Data protection
Audit-Log
Here, you can check the checkbox Enable loggingto specify that the following events are logged to an Audit.log file in the directory//vdServerArchiveVD$ALogs
. The file Audit.log is a NDJSON (newline delimited JSON) file.
- Authentications of all kinds (login, updating internal tokens, etc.)
- Changing passwords
- Changing LDAP configuration
- Changing account policies
- Changing group roles, users and user rights
- Updates in maintenance mode
When theAudit.log
file reaches a certain size, it is backed up, compressed and then a new file is created. After the number of days specified in the Retention period field, the old files are deleted.
You can use the Audit.log file to detect various anomalies, such as logon attempts by a user who should not currently be working on the system or particularly frequent logon errors by a particular user.
The file contains the following fields:
- method: API method or function that writes the entry
- address: IP address of the client calling the function
- resource_type: Resource type (may include some events)
- event: resource type (may include some events)
- type: subtype of an event
- identifier: resource that was updated
- userId: ID of the authenticated user making the request
- diff: differences that were made
Examples:
{"ts":"2023-03-01T14:41:43.0264917+01:00","method":"/auvesy.versiondog.authentication.v1. Authentication/Authenticate","address":"[::1]:55562","type":"credentials","resource_type":"authentication","event":"authenticate_failure","identifier":"7f940798-4441-4713-9481-1224b8cd5fe7","user_id":"7f940798-4441-4713-9481-1224b8cd5fe7"}
A user with the ID “7f940798-4441-4713-9481-1224b8cd5fe7” tried to log in. Authentication failed or the password contained a spelling error, for example.
{"ts":"2023-03-02T09:45:04.5424827+01:00","method":"/auvesy.versiondog.usermanagement.v1.UserManagement/BatchUpdateUserManagement","address":"127.0.0. 1:57202","diff":"[{"type":"create","path":["Groups","1","ID"],"from":null,"to":"26ed3e60-53f7-4f18-af72-8da19a1dd6aa"}]","resource_type": "user","event":"update","identifier":"f45c1717-412f-474e-866b-1477803b34fc","user_id":"7f940798-4441-4713-9481-1224b8cd5fe7"}
A user with ID “7f940798-4441-4713-9481-1224b8cd5fe7” has made a change in the User Management module: A user with ID “f45c1717-412f-474e-866b-1477803b34fc” has been assigned to the group with ID “26ed3e60-53f7-4f18-af72-8da19a1dd6aa”.