The HDR Audit Service [AuditService] is a core HDR interface that lets you log and monitor HDR activities, to monitor security policy and regulation compliance—by recording actions taken during user sessions. Such event records can help detect actual or attempted violations of policy and operation procedures.
The AuditService.createEventLog method lets you record an audit event record in the table OHF_HDR_AU_ACCESS_LOG
. You can use a reporting tool of your choice to generate auditing reports by querying this table for audit record details of a relevant event.
The EventLog value object has two attributes that are mandatory and validated; the rest are optional and not validated:
EventLog Value Object Attributes
Value Object | Attribute | Mandatory / Optional | Validated |
EventLog |
EventOutcome |
Mandatory | Not Validated |
EventLog |
EventType |
Mandatory | As a valid HDR profile option |
When createEventLog is called, the following checks are made to determine whether to record an event or to ignore the request:
If the CTB profile option CTB: Auditing On (CTB_AU_AUDIT_FLAG) is not set to Y, the audit event is not recorded.
If the Break-The-Glass profile option is turned on and the CTB profile option CTB: Audit All When in Break-The-Glass (CTB_AU_ALL_WHEN_BTG) is not set to Y, the audit event is not recorded.
If the attribute EventType of value object EventLog is a valid CTB profile option and the profile option is set to Y, the audit event is recorded.
Example 5-1 Create an Audit Event Record
The following code sample creates an audit event record:
AuditingHelper auditHelper = new AuditingHelper(); AuditService = mServiceLocator.getAuditService(); EventLog eventLog = auditHelper.newEventLog(); // "MyEventType" is a valid CTB profile option eventLog.setEventType("MyEventType"); // mEventOutcome is a valid membership code in the CTB_AU_EVENT_OUTCOME conceptlisteventLog.setEventOutcome(mEventOutcome); DataTypeFactory dataTypeFac = DataTypeFactory.getInstance(mServiceLocator); II ii = dataTypeFac.newII(mUID), dataTypeFac.newST(mST); SET_II iis = dataTypeFac.newSET_II(ii); // finally mAuditService.createEventLog(eventLog);
Audit event types can selectively be turned on or off. When both the global auditing flag and a particular audit event type are turned on, events of this particular type are audited by HDR Audit Service.
Following is the list of HDR audit event types is seeded for HDR use. By default, these event types are turned on.
CTB: Audit Receive Message
CTB: Audit Resending of Message
CTB: Audit Update OID
CTB: Audit Skipping of Message
CTB: Audit Generation of Message
CTB: Audit Query on Personal Health Information
CTB: Audit Insert/Update of Personal Health Information
Applications developed on the HDR Platform can define business audit event types in addition to the seeded event types.
For example, an Admitting application might define an audit event type asAdmit Patient, and monitor events of this type.
Note: Although HDR provides the mechanism to audit business events, it is your responsibility to implement the appropriate audit calls to log such events.
To create a new audit event type, use ProfileOptionService.createProfileOption to create a new profile option with the new audit event type as the profile option code.
After defining new audit event types, applications can log audit events of these types by calling the Audit Services interface.
Reference
Oracle Healthcare Data Repository Javadoc
Table 5-1 Service and Methods: Audit Services
Level |
Detail |
Package |
oracle.hsgbu.hdr.auditing |
Class |
AuditService |
Methods |
createEventLog |
Prerequisite
Creating New Audit Event Types
Login
This is an API-based implementation procedure.
Responsibility
Any responsibility.
Navigation
This is an API-based implementation procedure.
Steps
Turn on HDR Audit Services and the audit event type.
Enabling Audit Services
Initializing Existing Audit Event Types
In the application code, call the createEventLog method with the new event type as the value of the EventType attribute.
Note:Oracle Healthcare Data Repository Javadoc
Oracle HDR uses the JDK Logging Framework to provide the ability to log error messages for debugging, error reporting and alerting purposes, as discussed in the following sections:
Terminologies used by JDK Logging Framework:
A log message contains the application messages in different formats supported by the JDK Logging Framework. The log message format is configurable in the JDK logging properties file logging.properties.
A logging level is a threshold set by the system administrator to control message logging. The logging level can be set to any level supported by the JDK Logging Framework. Once set, only messages having a severity greater than or equal to the defined level are logged.
Example: Setting the level to SEVERE results in the logging of only error messages; setting the level to FINEST results in the logging of all messages.
HDR logging can be configured to use either JDK Logging or Log4J Logging Framework. Th user has to specify which logging framework he would want to use through a system property: HDR_LOG_PROVIDER. The possible list of values for this property are JDK, LOG4J, jdk or log4j. This property should be included in the WebLogic Server startup script as a JVM argument. In case the user doesn't supply this property then, the application falls back on JDK Logging.
To use Log4j Logging, the following steps are required:
Download log4j-api-2.10.0.jar and log4j-core-2.10.0.jar files from the Apache
website and copy them to ${WL_DOMAIN_HOME}/lib directory
.
Create the log4j2.properties configuration file and copy it to the ${WL_DOMAIN_HOME}
directory. A sample configuration file can be found here
.
Add the -Dlog4j.configurationFile=log4j2.properties JVM argument to WebLogic Server startup script.
Add the JVM argument -DHDR_LOG_PROVIDER=LOG4J.
Restart the WebLogic Server.
By default, the HDR installer creates the JDK logging properties file logging.properties in the hdr_domain directory. The logging.properties sets the default logging to file logging with log file name hdr.log. The default log level WARNING is configured in the log module CTBAppsLogger.
HDR Terminology jobs use ETSJobLogger for generating job log files. The default log level is FINEST (configurable using logging.properties) and the default handler is file handler which takes name of log file from HDR Terminology PROGRAM_ARGUMENT (this is to maintain specific log file names for specific types of jobs.
HDR Terminology jobs use an internal logger for generating Execution report. This logger is internally configured and its attributes are not configurable.