.. _transaction-logging: Dashboard and Arbitrator Transaction Logging and Audit --------------------------------------------------------- .. _24.1|VOSS-1253: Overview ........... The Insights platform provides transaction logging as an audit trail for both the Dashboard (Reporter) and for Arbitrator. This allows you to inspect the logs to investigate actions taken on these modules in the event of a data breach or for troubleshooting. Insights records the following event types: * All logins - including root, CLI, Web, admin ssh, sysadmin * Logout * Failed login attempts * Password changes - including details for which password was changed, for example, admin, ftpuser, or Dropbox * All user account changes - add, update, and delete * Export of reports from Dashboard * Dashboard views, updates, or deletes - including widgets on dashboards * NRS connections (run as root) - connection established and connection closed .. rubric:: Related Topics * :ref:`elevated-access` Transaction Logs ................... Transaction logs for audited events are stored in the following file: `/var/www/api/logs/current` .. image:: /src/images/insights-transaction-log.png .. rubric:: File Format Fields in the file, such as ``UserID`` (for example, `root` or `admin`), ``Severity``, and ``EventType``, are separated by space, colon, space, that is, `` : `` .. rubric:: Event Types Event types logged may include, for example, ``ssh`` (log in event), or ``ResourceAccessed`` (AccessEvent or ReconnectEvent). The event type (``EventType``) and event value, for example, `AccessEvent`, depends on the action taken in the system. .. note:: The transaction logging also records a reconnect event (`ReconnectEvent`) when you're switching tabs or when opening Arbitrator's System Configuration module. The image displays an example of a log entry showing an admin user log in and password change: .. image:: /src/images/insights-transaction-log-password-change.png View Audit Event Logs via the GUI .................................. You can search for and view events through the CLI, either all events, or search for a specific audit event using the ``ndx_client`` command. You can also view the audit event logs via the GUI syslogs. For example, using the field ``EventType`` returns all audit events as this field appears in all audit event logs. The output of this search can be redirected to a different location. .. image:: /src/images/insights-transaction-log-via-gui.png .. rubric:: Related Topics * .. raw:: latex Search the Logs in the Dashboard Administration Guide .. raw:: html Search the Logs Dashboard Event Audits .................................. Transaction and audit logging for the Dashboard system records log entries each time you view, edit and save, or delete a dashboard or widget. Log entries are also recorded when you generate, download, or export reports from the Dashboard. Dashboard log entries include details such as the user role and username, the date and time of the event, the dashboard or widget name, ID, and directory path, and the user role and username of the relevant user. .. image:: /src/images/insights-transactions-dashboard-view.png