> Administrator Guide > Audit

Administrator Guide

     Previous  Next    Open TOC in new window    View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Audit

This chapter describes how to configure and use the auditing functionality of AquaLogic Ensemble. Auditing provides information about the creation, modification, and deletion of Ensemble resources and policies from within the Ensemble Console, along with usage information for resources proxied by Ensemble.

This chapter is divided into the following sections:

 

Enabling Audit

Auditing data is automatically recorded when Ensemble resources and policies are created, modified, or deleted.

You can enable and disable auditing of usage for each proxied resource. When you create a resource, its audit status defaults to disabled.

To change the audit status of a resource:

  1. Launch the Ensemble Console.
  2. Click the AUDIT tab.
  3. Click the name of the resource you want to configure.
  4. To enable or disable auditing, next to Audit Status, select Enabled or Disabled.
  5. Click Save.

 

Generating Audit Reports

Audit information is stored in the Ensemble database. You can generate audit reports using SQL queries. The following sections provide sample SQL scripts and describe the data returned by the queries:

Auditing Access to Proxied Resources

Audit information regarding access to proxied resources is stored in the ACCESSAUDITRECORDS table in the Ensemble database.

Example SQL Queries

The following query displays all accesses to any resource by a specific username. Replace owner with the database owner of the ACCESSAUDITRECORDS table. 

select ID, CREATE_DATE, USERNAME, USERTYPE, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACCESSSUCCESS, ACCESSURL, ACCESSPRIMAUTHENTICATIONMETHOD, ACCESSRESAUTHENTICATIONMETHOD
from owner.ACCESSAUDITRECORDS
where USERNAME='username';

The following query displays all accesses by a specific username to a specific resource. Replace owner with the database owner of the ACCESSAUDITRECORDS table. 

select ID, CREATE_DATE, USERNAME, USERTYPE, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACCESSSUCCESS, ACCESSURL, ACCESSPRIMAUTHENTICATIONMETHOD, ACCESSRESAUTHENTICATIONMETHOD
from owner.ACCESSAUDITRECORDS
where USERNAME='username' and RESOURCENAME='resource';

You should create custom queries to meet your reporting needs.

Schema Description

The following table describes the ACCESSAUDITRECORDS schema.

Table 10-1 ACCESSAUDITRECORDS
Column
Description
ID
A unique identifier for the audit record in this table.
CREATE_DATE
The date and time the audit event was created.
USERNAME
The name of the user accessing the resource.
USERTYPE
A comma-delimited list of roles. Roles are assigned by the experience definition associated with the user when the resource is accessed.
SERVICENAME
The fully-qualified domain name of the Ensemble proxy server.
ACCESSSUCCESS
1 if the resource is successfully accessed. 0 if access to the resource fails.

Note: Access to the resource fails if the HTTP request from the proxy service to the proxied resource fails, or if the user does not have a role required to access the resource. If the user does not authenticate with Ensemble, no audit event is generated.
ACCESSURL
The URL the user used to access the resource.
ACCESSIPADDRESS
The user's IP address.
ACCESSPRIMAUTHENTICATIONMETHOD
The authentication method used to authenticate the user. Possible values include:
  • Basic authentication: [class com.plumtree.runner.authentication.integrated.BasicAuthIntegratedAuthenticator]
  • Form authentication: INTERACTIVE
  • Oracle COREid authentication: Oracle COREid Autenticator
  • SPNEGO authentication: SPNEGO
  • SiteMinder authentication: CA SiteMinder Authenticator
ACCESSRESAUTHENTICATIONMETHOD
The authentication method used by Ensemble to access the proxied resource. Possible values are:
  • Autologin Disabled
  • Basic
  • Form
  • None Selected

Auditing Creation, Modification, and Deletion of Ensemble Resources

Audit information regarding the creation, modification, and deletion of Ensemble resources is stored in two tables in the Ensemble database: RESOURCECONFIGAUDITRECORDS and RESOURCECONFIGDATA.

RESOURCECONFIGAUDITRECORDS stores information about who modifies which resources, and when.

RESOURCECONFIGDATA stores snapshot of the properties of the resource. This allows you to see how the resource changes with each modification.

Example SQL Queries

The following query displays all creation, modification, or deletion of resources by a specific username. Replace owner with the database owner of the RESOURCECONFIGAUDITRECORDS table. 

select ID, CREATE_DATE, USERNAME, USERTYPE, OWNERNAME, POLICYOWNERNAME, ENABLED_FLAG, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACTIONTYPE
from owner.RESOURCECONFIGAUDITRECORDS
where USERNAME='username';

The following query displays the details of how a specific resource was modified. 

select owner.RESOURCECONFIGDATA.record_id, owner.RESOURCECONFIGDATA.pageNumber, owner.RESOURCECONFIGAUDITRECORDS.USERNAME, owner.RESOURCECONFIGAUDITRECORDS.RESOURCENAME, owner.RESOURCECONFIGDATA.properties
from owner.RESOURCECONFIGAUDITRECORDS, owner.RESOURCECONFIGDATA
where owner.RESOURCECONFIGAUDITRECORDS.ID=owner.RESOURCECONFIGDATA.record_id
and owner.RESOURCECONFIGAUDITRECORDS.RESOURCENAME='resource';

You should create custom queries to meet your reporting needs.

Schema Description

The following table describes the RESOURCECONFIGAUDITRECORDS schema.

Table 10-2 RESOURCECONFIGAUDITRECORDS
Column
Description
ID
A unique identifier for the audit record in this table.
CREATE_DATE
The date and time the audit event was created.
USERNAME
The name of the user creating, modifying, or deleting the resource.
USERTYPE
The highest administrative role of the user that allows him to make the resource configuration change. Possible values, from highest to lowest, are:
  1. Administrators
  2. Managers
  3. Resource Owners
OWNERNAME
GUID of the resource owner.
POLICYOWNERNAME
GUID of the policy owner of the policy associated with this resource.
SERVICENAME
The fully-qualified domain name of the Ensemble proxy server.
RESOURCE_ID
The ID of the resource in the RESOURCES table.
RESOURCENAME
The name of the resource.
ACTIONTYPE
An integer from 0-2 that indicates what has been done to the resource:
  • 0: Resource created.
  • 1: Resource modified.
  • 2: Resource deleted.

Note: OWNERNAME and POLICYOWNERNAME GUIDs come from the AquaLogic Interaction portal database. These values are stored in the PTMIGRATION table, which can be joined with the PTUSERS table to match user names with GUIDs.

The following table describes the RESOURCECONFIGDATA schema:

Table 10-3 RESOURCECONFIGDATA
Column
Description
record_id
Associates this entry with a record in RESOURCECONFIGAUDITRECORDS.
properties
A CR-delimited string of name/value pairs that provides a snapshot of the resource's configured values.
pageNumber
The properties column may require multiple rows. In cases where multiple rows are required, pageNumber is incremented for each additional row for a given record_id.

Auditing Creation, Modification, and Deletion of Ensemble Policies

Audit information regarding the creation, modification, and deletion of Ensemble policies is stored in two tables in the Ensemble database: AUTHORIZATIONCONFIGAUDITRECS and AUTHORIZATIONCONFIGDATA.

AUTHORIZATIONCONFIGAUDITRECS stores information about who modifies which policies, and when.

AUTHORIZATIONCONFIGDATA stores snapshot of the properties of the policy. This allows you to see how the policy changes with each modification.

Example SQL Queries

The following query displays all creation, modification, or deletion of policies by a specific username. Replace owner with the database owner of the AUTHORIZATIONCONFIGAUDITRECS table. 

select ID, CREATE_DATE, USERNAME, USERTYPE, OWNERNAME, POLICYOWNERNAME, ENABLED_FLAG, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACTIONTYPE
from owner.AUTHORIZATIONCONFIGAUDITRECS
where USERNAME='username';

The following query displays the details of how a specific policy policy was modified. 

select owner.AUTHORIZATIONCONFIGDATA.record_id, owner.AUTHORIZATIONCONFIGDATA.pageNumber, owner.AUTHORIZATIONCONFIGAUDITRECS.USERNAME, owner.AUTHORIZATIONCONFIGAUDITRECS.RESOURCENAME, owner.AUTHORIZATIONCONFIGDATA.properties
from owner.AUTHORIZATIONCONFIGAUDITRECS, owner.AUTHORIZATIONCONFIGDATA
where owner.AUTHORIZATIONCONFIGAUDITRECS.ID=owner.AUTHORIZATIONCONFIGDATA.record_id
and owner.AUTHORIZATIONCONFIGAUDITRECS.RESOURCENAME='policy';

Custom queries should be created to meet your reporting needs.

Schema Description

The following table describes the AUTHORIZATIONCONFIGAUDITRECS schema.

Table 10-4 AUTHORIZATIONCONFIGAUDITRECS
Column
Description
ID
A unique identifier for the audit record in this table.
CREATE_DATE
The date and time the audit event was created.
USERNAME
The name of the user creating, modifying, or deleting the resource.
USERTYPE
The highest administrative role of the user that allows him to make the resource configuration change. Possible values, from highest to lowest, are:
  1. Administrators
  2. Managers
  3. Resource Owners
OWNERNAME
GUID of the resource owner this policy is associated with.
POLICYOWNERNAME
GUID of the policy owner of the policy set.
SERVICENAME
The fully-qualified domain name of the Ensemble proxy server.
RESOURCE_ID
The ID of the policy set in the POLICIES table.
RESOURCENAME
The name of the policy set.
ACTIONTYPE
An integer from 0-2 that indicates what has been done to the resource:
  • 0: Policy set created.
  • 1: Policy set modified.
  • 2: Policy set deleted.

Note: OWNERNAME and POLICYOWNERNAME GUIDs come from the AquaLogic Interaction portal database. These values are stored in the PTMIGRATION table, which can be joined with the PTUSERS table to match user names with GUIDs.

The following table describes the AUTHORIZATIONCONFIGDATA schema:

Table 10-5 AUTHORIZATIONCONFIGDATA
Column
Description
record_id
Associates this entry with a record in AUTHORIZATIONCONFIGAUDITRECS.
properties
A CR-delimited string of name/value pairs that provides a snapshot of the policy set's configured values.
pageNumber
The properties column may require multiple rows. In cases where multiple rows are required, pageNumber is incremented for each additional row for a given record_id.


  Back to Top       Previous  Next