
Audit Trail Records

Purpose

Configure and write audit trail records to a configured Big Data channel.

Configuration

Supported auditing providers:

  • LOG4J, log4j
  • ELASTICSEARCH, Elasticsearch from Elastic

The provider is specified in the Platform 6 application.conf file.

The provider attributes are also specified in the application.conf and vary depending upon the chosen provider.

Configuration

application.conf
p6.service.auditing.provider=ELASTICSEARCH

p6.audit.elasticsearch {
    host: "log.amalto.com"
    port: 9200
    scheme: "http"
}

Application identifier

Both Google BigQuery and Elasticsearch can be shared by multiple instances of Platform 6. Therefore, the Platform 6 application_id is used to extend and uniquely name each audit trail.

For more details, see the Audit Providers documentation.

Elasticsearch example

JSON is used to define the structure (schema) of an audit trail. The syntax differs depending upon the audit provider type:

ELASTICSEARCH: es-myindex.json

{
  "mappings": {
    "myindex": {
      "_all": {
        "enabled": false
      },
      "properties": {
        "timestamp": {
          "type": "date",
          "format": "YYYY-MM-dd HH:mm:ss.SSSZ"
        },
        "company": {
          "type": "text",
          "fields":{"keyword":{"type":"keyword","ignore_above":256}}
        },
        "amount": {
          "type": "float"
        },
        "taxes": {
          "type": "nested",
          "properties": {
            "salestax": {
              "type": "float"
            },
            "taxrate": {
              "type": "float"
            }
          }
        }
      }
    }
  }
}

Elasticsearch Schema

The Platform 6 audit trail client auto-generates a timestamp value, so it is advisable to add a mapping definition for it.

Note

Once an audit trail table has been created there is no need to use the ‘open’ method again… unless you need to validate its existence.

Methods

Binding name: p6.audit


open

Creates or checks for the existence of the audit channel with the given id.

Syntax

boolean p6.audit.open(String id, String schemaUri)

Once the named audit channel has been created, this method no longer needs to be called. The schemaUri must point to a local file (only the file: protocol is supported). The file is a JSON-formatted description of the structure of the audit record.

Returns true if the channel already exists or creation was successful.

Example
def success = p6.audit.open("myindex")
println success

post

Posts an audit record to the named audit channel using the supplied values.

Syntax

void p6.audit.post(String id, Map values)

The id must be the name of a previously opened audit channel. The values argument is a map of String keys whose values are either Strings or, in the case of a nested audit record, lists of further values maps.

Examples
def auditValues = [:]
auditValues["company"] = "Amalto"
auditValues["amount"] = 101.12

p6.audit.post "myindex", auditValues

Nested RECORD

def auditValues = [:]

def taxValues = []

def taxValue1 = [:]
taxValue1["salestax"] = 12.35
taxValue1["taxrate"] = 10
taxValues.push(taxValue1)

def taxValue2 = [:]
taxValue2["salestax"] = 123.45
taxValue2["taxrate"] = 100
taxValues.push(taxValue2)

auditValues["taxes"] = taxValues
auditValues["company"] = "Amalto"
auditValues["amount"] = 123.45
p6.audit.post "myindex", auditValues


post (string)

Posts an audit record to the named audit channel using the supplied values String.

Syntax

void p6.audit.post(String id, String values)

The id must be the name of a previously opened audit channel. The values argument is a String formatted appropriately for the auditing provider, for example JSON for ELASTICSEARCH.

Example
def auditValues = '{"company": "Amalto", "amount": 101.12}' // JSON string for ELASTICSEARCH
p6.audit.post("myindex", auditValues)
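
An added example, not taken from the Platform 6 documentation: a Groovy check of a values map against the fields declared in es-myindex.json, followed by serialization for the String form of post. The checkRecord helper is hypothetical, the mapping is embedded in reduced form, and the sample records are constructed.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper

// Reduced copy of the "properties" in es-myindex.json, embedded so the script runs offline.
def mapping = new JsonSlurper().parseText('''
{"properties": {
  "timestamp": {"type": "date"},
  "company":   {"type": "text"},
  "amount":    {"type": "float"},
  "taxes":     {"type": "nested", "properties": {
    "salestax": {"type": "float"}, "taxrate": {"type": "float"}}}
}}''')

// Hypothetical helper: lists the problems found in values against the declared fields.
List<String> checkRecord(Map values, Map props, String path = "") {
    def problems = []
    values.each { key, value ->
        def field = props[key]
        def name = path + key
        if (field == null) {
            problems << "undeclared field: " + name
        } else if (field["type"] == "nested") {
            // Nested audit records are lists of further values maps.
            if (value instanceof List && value.every { it instanceof Map }) {
                value.each { problems.addAll(checkRecord(it, field["properties"], name + ".")) }
            } else {
                problems << name + " must be a list of maps"
            }
        } else if (field["type"] == "float" && !(value instanceof Number)) {
            problems << name + " must be numeric"
        }
    }
    return problems
}

// Constructed records: the first has a misspelled key and a string where a float is mapped.
def bad = [compnay: "Amalto", amount: "101.12", taxes: [[salestax: 12.35, taxrate: 10]]]
assert checkRecord(bad, mapping["properties"]) == ["undeclared field: compnay", "amount must be numeric"]

def good = [company: 'Amalto "EU"', amount: 101.12, taxes: [[salestax: 12.35, taxrate: 10]]]
assert checkRecord(good, mapping["properties"]).isEmpty()

// JsonOutput escapes quotes and control characters, so a value cannot alter the record's structure.
def json = JsonOutput.toJson(good)
println json
// Inside a Platform 6 script: p6.audit.post("myindex", json)
```

Building the String argument with JsonOutput rather than string concatenation keeps user-supplied text, such as a company name containing quotes, from adding or overriding fields in the audit record.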