6 Auditing
This module is responsible for collecting and storing audit data from incoming REST request and response. Key details such as user id, IP address, resource name, HTTP request type and request URL etc. are collected from the incoming request and stored in a secure location. Audit records can be stored either in a database table or in a file.
6.1 Audit Interceptor Execution Flow
The audit module (rendered in green) design follows an interceptor pattern as shown in the above flow diagram. Here, incoming and outgoing REST API transactions are intercepted for extracting audit data elements.
Once the data is extracted, audit information goes to either a database table or a file (depending on storage settings defined in the FHIR server configuration file).
6.2 Audit Record Format
Audit record data format is as shown below.
| Audit data element | Description |
|---|---|
| AUDIT_ID | Unique identifier for audit record |
| USER_ID | User ID |
| RESOURCE_NAME | FHIR resource name |
| HTTP_REQ_TYPE | HTTP request type - GET, POST, and so forth |
| REQUEST_URL | Incoming request URL |
| HTTP_RES_CODE | HTTP response code - 200, 201, 500, ... |
| SOURCE_IP_ADDRESS | Source system IP address |
| PROCESSING_TIME_MILLIS | Time taken to complete REST request |
| REQUEST_PAYLOAD | Payload |
| RESPONSE_PAYLOAD | Response payload |
| EVENT_TIMESTAMP | Timestamp |
| ATNA_AUDITEVENT | Audit record in the form of AuditEvent json |
6.3 Settings
Audit service functionality can be controlled using a configuration file. The file is located at <HDR_DOMAIN>/config/fhir/hdr_fhir.properties.
For example, if there is a requirement to store message payload as part of an audit record, change ”audit.savemessagepayload.enabled” property to true. Other important entries in the properties file is as shown below.
#audit enabled - true or false audit.enabled=true #audit storage type - FILE or DB audit.datastore.type=FILE
If ’FILE' is selected as the storage type, audit data goes to a file named audit-hdr-fhir.log.
If ’DB' is selected as the storage type, audit data goes to a table called OHF_HDR_FHIR_AUDIT. Refer to the FHIR eTRM document for more information about the Audit table.
#collect request/response payload message – true or false audit.savemessagepayload.enabled=false