Dashboard and Arbitrator Transaction Logging and Audit#

Overview#

The Insights platform provides transaction logging as an audit trail for both the Dashboard (Reporter) and for Arbitrator. This allows you to inspect the logs to investigate actions taken on these modules in the event of a data breach or for troubleshooting.

Insights records the following event types:

  • All logins - including root, CLI, Web, admin ssh, sysadmin

  • Logout

  • Failed login attempts

  • Password changes - including details for which password was changed, for example, admin, ftpuser, or Dropbox

  • All user account changes - add, update, and delete

  • Export of reports from Dashboard

  • Dashboard views, updates, or deletes - including widgets on dashboards

  • NRS connections (run as root) - connection established and connection closed

Related Topics

Transaction Logs#

Transaction logs for audited events are stored in the following file: /var/www/api/logs/current

../../../_images/insights-transaction-log.png

File Format

Fields in the file, such as UserID (for example, root or admin), Severity, and EventType, are separated by space, colon, space, that is, `` : ``

Event Types

Event types logged may include, for example, ssh (log in event), or ResourceAccessed (AccessEvent or ReconnectEvent). The event type (EventType) and event value, for example, AccessEvent, depends on the action taken in the system.

Note

The transaction logging also records a reconnect event (ReconnectEvent) when you’re switching tabs or when opening Arbitrator’s System Configuration module.

The image displays an example of a log entry showing an admin user log in and password change:

../../../_images/insights-transaction-log-password-change.png

View Audit Event Logs via the GUI#

You can search for and view events through the CLI, either all events, or search for a specific audit event using the ndx_client command.

You can also view the audit event logs via the GUI syslogs. For example, using the field EventType returns all audit events as this field appears in all audit event logs. The output of this search can be redirected to a different location.

../../../_images/insights-transaction-log-via-gui.png

Related Topics

Dashboard Event Audits#

Transaction and audit logging for the Dashboard system records log entries each time you view, edit and save, or delete a dashboard or widget.

Log entries are also recorded when you generate, download, or export reports from the Dashboard.

Dashboard log entries include details such as the user role and username, the date and time of the event, the dashboard or widget name, ID, and directory path, and the user role and username of the relevant user.

../../../_images/insights-transactions-dashboard-view.png