Monitoring Unified Assurance User Activity

You can use the Audit Log Replication Data Importer service to save a log of Oracle Communications Unified Assurance UI or API user activity in the Historical database, and users with the correct permissions can view the audit information by running an OpenSearch query.

About User Activity Data

The following API or UI actions prompt a log entry:

The following example shows a log entry that is created when a user logs in:

    "_source": {
      "agent": {
        "hostname": "hostname.example.com",
        "type": "auditlog-repl-importer"
      },
      "MessageDate": "2026-02-20T12:31:06Z",
      "@timestamp": "2026-02-20T12:31:06.075Z",
      "User": {
        "name": "user",
        "id": "1"
      },
      "TypeDescr": "AUTHENTICATION",
      "MessageID": 83,
      "MessageInfo": "User logged in from example.com(198.51.100.1)",
      "Result": "SUCCESS"
    }

User Activity Log Retention and Access

By default, user activity log data is retained for 12 months. You can change the retention period by changing the state management policy. See Changing OpenSearch State Management Policies for more details.

You can only access user activity log data if your Unified Assurance role has the Admin permission under the eventAnalytics package.

Setting Up User Activity Logging

To set up user activity logging:

  1. Make sure you have AnalyticsWizard running:

    ./AnalyticsWizard
    
  2. Switch AnalyticsWizard to auditlog mode:

    ./AnalyticsWizard --mode auditlog
    

    See AnalyticsWizard and Audit Log Replication Data Importer in Unified Assurance Implementation Guide for more information about these applications.

Customizing Audit Log Entries

The Audit Log Replication Data Importer includes the auditlogs OpenSearch ingest pipeline. You can update the pipeline to customize audit log entries before they are added to OpenSearch.

To update the pipeline:

  1. From the Analytics menu, select Events, then Administration, and then Console.

  2. Enter the following in the console:

    PUT _ingest/pipeline/auditlogs
    {
      "description": "This auditlogs pipeline",
      "processors": [
        <array_of_processors>
      ]
    }
    

    where <array_of_processors> is the array of processors you want to use to customize the log entries. See Ingest processors in the OpenSearch documentation for a full list of processors you can use.

  3. Click the green triangle on the first line of the request to submit it.

Viewing User Activity Logs

To view user activity logs in the Unified Assurance UI:

  1. From the main navigation menu, select Analytics, then Events, and then Home.

  2. Expand the menu in the top left corner of the OpenSearch UI, and select Query Workbench under OpenSearch Plugins.

  3. Run an OpenSearch query against the auditlogs-* index:

    select * from auditlogs-*
    

    You can see the user activity log data in the Results section.

  4. Optionally, in the Results section, select Download to export the user activity log data in JDBC, CSV, or text format.
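
Once entries are exported, a reviewer can check login sources against the networks users are expected to connect from. The following Python is an added example, not Oracle code: it assumes the entries are already loaded as dictionaries shaped like the "_source" object shown earlier and that every login message follows the MessageInfo format of that one example. The function name, the allowed network list, and the second and third sample entries are constructed for illustration.

```python
import ipaddress
import re

# MessageInfo format taken from the login entry shown on this page:
# "User logged in from example.com(198.51.100.1)"
LOGIN_RE = re.compile(r"^User logged in from (?P<host>[^()\s]+)\((?P<ip>[^()\s]+)\)$")


def review_logins(entries, allowed_networks):
    """Return (logins from outside allowed_networks, entries that did not parse)."""
    # allowed_networks: CIDR strings that logins are expected from (an assumption).
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings, unparsed = [], []
    for src in entries:
        if src.get("TypeDescr") != "AUTHENTICATION" or src.get("Result") != "SUCCESS":
            continue  # only successful logins are evaluated here
        match = LOGIN_RE.match(src.get("MessageInfo") or "")
        try:
            ip = ipaddress.ip_address(match.group("ip")) if match else None
        except ValueError:
            ip = None  # text in parentheses was not an IP address
        if ip is None:
            unparsed.append(src)  # keep for manual review, never drop silently
            continue
        if not any(ip in net for net in nets):
            findings.append({
                "time": src.get("@timestamp"),
                "user": src.get("User", {}).get("name"),
                "host": match.group("host"),
                "ip": str(ip),
            })
    return findings, unparsed


# Constructed sample entries; the first repeats the example on this page.
SAMPLE = [
    {"@timestamp": "2026-02-20T12:31:06.075Z", "User": {"name": "user", "id": "1"},
     "TypeDescr": "AUTHENTICATION", "Result": "SUCCESS",
     "MessageInfo": "User logged in from example.com(198.51.100.1)"},
    {"@timestamp": "2026-02-20T23:02:41.310Z", "User": {"name": "user", "id": "1"},
     "TypeDescr": "AUTHENTICATION", "Result": "SUCCESS",
     "MessageInfo": "User logged in from host.example.net(203.0.113.7)"},
    {"@timestamp": "2026-02-21T08:15:00.000Z", "User": {"name": "user", "id": "1"},
     "TypeDescr": "AUTHENTICATION", "Result": "SUCCESS",
     "MessageInfo": "User logged in from example.com(unknown)"},
]

if __name__ == "__main__":
    print(review_logins(SAMPLE, ["198.51.100.0/24"]))
```

Entries returned in the second list matched the AUTHENTICATION and SUCCESS fields but carried no usable address, so they should be reviewed by hand rather than treated as clean.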