5 Audit Events and Log Errors

HDR Audit Services

The HDR Audit Service [AuditService] is a core HDR interface that lets you log and monitor HDR activities, to monitor security policy and regulation compliance—by recording actions taken during user sessions. Such event records can help detect actual or attempted violations of policy and operation procedures.

The AuditService.createEventLog method lets you record an audit event record in the table OHF_HDR_AU_ACCESS_LOG. You can use a reporting tool of your choice to generate auditing reports by querying this table for audit record details of a relevant event.

The EventLog value object has two attributes that are mandatory and validated; the rest are optional and not validated:

EventLog Value Object Attributes

Value Object Attribute Mandatory / Optional Validated
EventLog EventOutcome Mandatory Not Validated
EventLog EventType Mandatory As a valid HDR profile option

When createEventLog is called, the following checks are made to determine whether to record an event or to ignore the request:

  1. If the CTB profile option CTB: Auditing On (CTB_AU_AUDIT_FLAG) is not set to Y, the audit event is not recorded.

  2. If the Break-The-Glass profile option is turned on and the CTB profile option CTB: Audit All When in Break-The-Glass (CTB_AU_ALL_WHEN_BTG) is not set to Y, the audit event is not recorded.

  3. If the attribute EventType of value object EventLog is a valid CTB profile option and the profile option is set to Y, the audit event is recorded.

Example 5-1 Create an Audit Event Record

The following code sample creates an audit event record:

AuditingHelper
auditHelper = new AuditingHelper();
AuditService = mServiceLocator.getAuditService();
EventLog eventLog = auditHelper.newEventLog();
 
// "MyEventType" is a valid CTB profile option
eventLog.setEventType("MyEventType");
// mEventOutcome is a valid membership code in the CTB_AU_EVENT_OUTCOME
conceptlisteventLog.setEventOutcome(mEventOutcome); 
 
DataTypeFactory dataTypeFac
= DataTypeFactory.getInstance(mServiceLocator);
II ii = dataTypeFac.newII(mUID), dataTypeFac.newST(mST);
SET_II iis = dataTypeFac.newSET_II(ii);
 
// finally
mAuditService.createEventLog(eventLog);

Initializing Existing Audit Event Types

Audit event types can selectively be turned on or off. When both the global auditing flag and a particular audit event type are turned on, events of this particular type are audited by HDR Audit Service.

Following is the list of HDR audit event types is seeded for HDR use. By default, these event types are turned on.

  1. CTB: Audit Receive Message

  2. CTB: Audit Resending of Message

  3. CTB: Audit Update OID

  4. CTB: Audit Skipping of Message

  5. CTB: Audit Generation of Message

  6. CTB: Audit Query on Personal Health Information

  7. CTB: Audit Insert/Update of Personal Health Information

Creating New Audit Event Types

Applications developed on the HDR Platform can define business audit event types in addition to the seeded event types.

For example, an Admitting application might define an audit event type asAdmit Patient, and monitor events of this type.

Note: Although HDR provides the mechanism to audit business events, it is your responsibility to implement the appropriate audit calls to log such events.

To create a new audit event type, use ProfileOptionService.createProfileOption to create a new profile option with the new audit event type as the profile option code.

Invoking HDR Audit Services

After defining new audit event types, applications can log audit events of these types by calling the Audit Services interface.

Reference

Oracle Healthcare Data Repository Javadoc

Table 5-1 Service and Methods: Audit Services

Level

Detail

Package

oracle.hsgbu.hdr.auditing

Class

AuditService

Methods

createEventLog

Prerequisite

Creating New Audit Event Types

Login

This is an API-based implementation procedure.

Responsibility

Any responsibility.

Navigation

This is an API-based implementation procedure.

Steps

  1. Turn on HDR Audit Services and the audit event type.

    • Enabling Audit Services

    • Initializing Existing Audit Event Types

  2. In the application code, call the createEventLog method with the new event type as the value of the EventType attribute.

    Note:Oracle Healthcare Data Repository Javadoc

Attribute Values in Audit Events

Every entry in the audit trail has the attributes listed by the attributes table included in oracle.hsgbu.hdr.auditing.EventLog. This can be found in the Oracle Healthcare Data Repository Javadoc.

Log Error Messages

Oracle HDR uses the JDK Logging Framework to provide the ability to log error messages for debugging, error reporting and alerting purposes, as discussed in the following sections:

Teminology

Terminologies used by JDK Logging Framework:

Log Message

A log message contains the application messages in different formats supported by the JDK Logging Framework. The log message format is configurable in the JDK logging properties file logging.properties.

Level

A logging level is a threshold set by the system administrator to control message logging. The logging level can be set to any level supported by the JDK Logging Framework. Once set, only messages having a severity greater than or equal to the defined level are logged.

Example: Setting the level to SEVERE results in the logging of only error messages; setting the level to FINEST results in the logging of all messages.

Log4j Logging Configuration

HDR logging can be configured to use either JDK Logging or Log4J Logging Framework. Th user has to specify which logging framework he would want to use through a system property: HDR_LOG_PROVIDER. The possible list of values for this property are JDK, LOG4J, jdk or log4j. This property should be included in the WebLogic Server startup script as a JVM argument. In case the user doesn't supply this property then, the application falls back on JDK Logging.

To use Log4j Logging, the following steps are required:

  1. Download log4j-api-2.10.0.jar and log4j-core-2.10.0.jar files from the Apache website and copy them to ${WL_DOMAIN_HOME}/lib directory.

  2. Create the log4j2.properties configuration file and copy it to the ${WL_DOMAIN_HOME} directory. A sample configuration file can be found here.

  3. Add the -Dlog4j.configurationFile=log4j2.properties JVM argument to WebLogic Server startup script.

  4. Add the JVM argument -DHDR_LOG_PROVIDER=LOG4J.

  5. Restart the WebLogic Server.

Log Configuration Parameters

By default, the HDR installer creates the JDK logging properties file logging.properties in the hdr_domain directory. The logging.properties sets the default logging to file logging with log file name hdr.log. The default log level WARNING is configured in the log module CTBAppsLogger.

HDR Terminology jobs use ETSJobLogger for generating job log files. The default log level is FINEST (configurable using logging.properties) and the default handler is file handler which takes name of log file from HDR Terminology PROGRAM_ARGUMENT (this is to maintain specific log file names for specific types of jobs.

HDR Terminology jobs use an internal logger for generating Execution report. This logger is internally configured and its attributes are not configurable.