This chapter describes how to configure and use the auditing functionality of AquaLogic Ensemble. Auditing provides information about the creation, modification, and deletion of Ensemble resources and policies from within the Ensemble Console, along with usage information for resources proxied by Ensemble.
This chapter is divided into the following sections:
Auditing data is automatically recorded when Ensemble resources and policies are created, modified, or deleted.
You can enable and disable auditing of usage for each proxied resource. When you create a resource, its audit status defaults to disabled.
To change the audit status of a resource:
Audit information is stored in the Ensemble database. You can generate audit reports using SQL queries. The following sections provide sample SQL scripts and describe the data returned by the queries:
Audit information regarding access to proxied resources is stored in the ACCESSAUDITRECORDS table in the Ensemble database.
The following query displays all accesses to any resource by a specific username. Replace owner with the database owner of the ACCESSAUDITRECORDS table.
select ID, CREATE_DATE, USERNAME, USERTYPE, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACCESSSUCCESS, ACCESSURL, ACCESSPRIMAUTHENTICATIONMETHOD, ACCESSRESAUTHENTICATIONMETHOD
from owner.ACCESSAUDITRECORDS
where USERNAME='username';
The following query displays all accesses by a specific username to a specific resource. Replace owner with the database owner of the ACCESSAUDITRECORDS table.
select ID, CREATE_DATE, USERNAME, USERTYPE, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACCESSSUCCESS, ACCESSURL, ACCESSPRIMAUTHENTICATIONMETHOD, ACCESSRESAUTHENTICATIONMETHOD
from owner.ACCESSAUDITRECORDS
where USERNAME='username' and RESOURCENAME='resource';
You should create custom queries to meet your reporting needs.
The following table describes the ACCESSAUDITRECORDS schema.
Audit information regarding the creation, modification, and deletion of Ensemble resources is stored in two tables in the Ensemble database: RESOURCECONFIGAUDITRECORDS and RESOURCECONFIGDATA.
RESOURCECONFIGAUDITRECORDS stores information about who modifies which resources, and when.
RESOURCECONFIGDATA stores snapshot of the properties of the resource. This allows you to see how the resource changes with each modification.
The following query displays all creation, modification, or deletion of resources by a specific username. Replace owner with the database owner of the RESOURCECONFIGAUDITRECORDS table.
select ID, CREATE_DATE, USERNAME, USERTYPE, OWNERNAME, POLICYOWNERNAME, ENABLED_FLAG, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACTIONTYPE
from owner.RESOURCECONFIGAUDITRECORDS
where USERNAME='username';
The following query displays the details of how a specific resource was modified.
select owner.RESOURCECONFIGDATA.record_id, owner.RESOURCECONFIGDATA.pageNumber, owner.RESOURCECONFIGAUDITRECORDS.USERNAME, owner.RESOURCECONFIGAUDITRECORDS.RESOURCENAME, owner.RESOURCECONFIGDATA.properties
from owner.RESOURCECONFIGAUDITRECORDS, owner.RESOURCECONFIGDATA
where owner.RESOURCECONFIGAUDITRECORDS.ID=owner.RESOURCECONFIGDATA.record_id
and owner.RESOURCECONFIGAUDITRECORDS.RESOURCENAME='resource';
You should create custom queries to meet your reporting needs.
The following table describes the RESOURCECONFIGAUDITRECORDS schema.
Note: | OWNERNAME and POLICYOWNERNAME GUIDs come from the AquaLogic Interaction portal database. These values are stored in the PTMIGRATION table, which can be joined with the PTUSERS table to match user names with GUIDs. |
The following table describes the RESOURCECONFIGDATA schema:
Audit information regarding the creation, modification, and deletion of Ensemble policies is stored in two tables in the Ensemble database: AUTHORIZATIONCONFIGAUDITRECS and AUTHORIZATIONCONFIGDATA.
AUTHORIZATIONCONFIGAUDITRECS stores information about who modifies which policies, and when.
AUTHORIZATIONCONFIGDATA stores snapshot of the properties of the policy. This allows you to see how the policy changes with each modification.
The following query displays all creation, modification, or deletion of policies by a specific username. Replace owner with the database owner of the AUTHORIZATIONCONFIGAUDITRECS table.
select ID, CREATE_DATE, USERNAME, USERTYPE, OWNERNAME, POLICYOWNERNAME, ENABLED_FLAG, SERVICENAME, RESOURCE_ID, RESOURCENAME, ACTIONTYPE
from owner.AUTHORIZATIONCONFIGAUDITRECS
where USERNAME='username';
The following query displays the details of how a specific policy policy was modified.
select owner.AUTHORIZATIONCONFIGDATA.record_id, owner.AUTHORIZATIONCONFIGDATA.pageNumber, owner.AUTHORIZATIONCONFIGAUDITRECS.USERNAME, owner.AUTHORIZATIONCONFIGAUDITRECS.RESOURCENAME, owner.AUTHORIZATIONCONFIGDATA.properties
from owner.AUTHORIZATIONCONFIGAUDITRECS, owner.AUTHORIZATIONCONFIGDATA
where owner.AUTHORIZATIONCONFIGAUDITRECS.ID=owner.AUTHORIZATIONCONFIGDATA.record_id
and owner.AUTHORIZATIONCONFIGAUDITRECS.RESOURCENAME='policy';
Custom queries should be created to meet your reporting needs.
The following table describes the AUTHORIZATIONCONFIGAUDITRECS schema.
Note: | OWNERNAME and POLICYOWNERNAME GUIDs come from the AquaLogic Interaction portal database. These values are stored in the PTMIGRATION table, which can be joined with the PTUSERS table to match user names with GUIDs. |
The following table describes the AUTHORIZATIONCONFIGDATA schema: