The AUDIT_DATA table
After the audited events are logged into the AUDIT_LOG table, you can choose to transfer the logged data to another table, the AUDIT_DATA table, that makes it more consumable for the production of your custom reports.
Available from V5.2.6.2, the AUDIT_DATA table shows the logged data in a more consumable way, easing the task of creating Audit custom reports, and providing a richer filtering capability. The column names are also enhanced to make the data more readable.
Modify
actions. The AUDIT_LOG table logs the changed entity attributes in the
DATA column, in the
form:{"attribute1":"{\"old_value1\":\"new_value1\"}",
...,
"attributen":"{\"old_valuen\":\"new_valuen\"}"}
After
the audit record is transferred to the AUDIT_DATA table, the attribute, the old value, and the new
value are displayed in three separate columns:
ATTRIBUTE | OLD_VALUE | NEW_VALUE |
---|---|---|
attribute1 | old_value1 | new_value1 |
... | ... | ... |
attributen | old_valuen | new_valuen |
Modify Account
record, with all the new
and old values of the modified attributes in the same row of the DATA column. The AUDIT_DATA table
shows instead 5 separate records, one for each modified account attribute.Transferring the logged data from the AUDIT_LOG table to the AUDIT_DATA table
The AuditDeltaCreationTask
Task Planner task is provided to transfer the data.
Its job is designed to normalize data from the AUDIT_LOG table and to place it in the AUDIT_DATA
table.
The task is installed with V5.2.6.2 and later. It is not activated by default. You must activate it if you decide to use the AUDIT_DATA table. By default, the task is scheduled to run at the end of each hour, but you can change this.
AuditDeltaCreationTask
:- As part of a given audited operation, the audit record is logged into the AUDIT_LOG table.
- When
AuditDeltaCreationTask
runs, it starts parsing and copying the data from AUDIT_LOG to AUDIT_DATA, in chunks that are configured by the virtual appliance administrator (with the audit.log.batch.process option of the config.properties file).
The audit.log.batch.process option is in the config.properties file of the virtual appliance.
The path to access config.properties in the virtual appliance local management interface is . In the Custom File Management pane, the administrator must click on the properties folder to list the files on the right, and scroll down the list to select and download the file.
#determines the number of audit logs that are processed in a single batch, from AUDIT_LOG to AUDIT_DATA by the AuditDeltaCreationTask
#in the Task Planner module. 1000 is the default batch size.
#NOTE: While increasing the batch size,it is recommended to try the new batch size in a staging environment before using it on production
audit.log.batch.process=1000
This parameter is used by the AuditDeltaCreationTask
job to process the audit
records in sizable chunks. You can customize it for your environment.
Performance considerations
- If your AUDIT_LOG table comprises a huge amount of records from past auditing, the first time
that
AuditDeltaCreationTask
runs, it finds a lot of data to process and migrate. Plan this activity for a time when the server load is expected to be less. For the initial migration, set the size of the audit.log.batch.process parameter to a higher value. The value of the batch size depends on the existing load on the environment, and on the number of concurrently running tasks. Hence, you should try out with different batch sizes in a staging environment, before finalizing on one.After the initial migration is completed, you can resize audit.log.batch.process to a lower value.
- Ensure that enough disk space is available to accommodate AUDIT_DATA. The size of the AUDIT_DATA table is similar to that of AUDIT_LOG. Since there is no auto-purge of data from AUDIT_LOG, available disk space is an important question to evaluate for planning.
- After
AuditDeltaCreationTask
is first activated, it populates the AUDIT_DATA table with all the data from AUDIT_LOG. The two tables are expected to be huge in size. You should purge the data from the AUDIT_LOG table, after it is copied over to AUDIT_DATA. - After the initial migration of the past auditing data is completed, time the regular schedule of
AuditDeltaCreationTask
at hours when the load on the system is known to be low. - Periodically purge from AUDIT_LOG the data that is already copied to AUDIT_DATA.
Run
to get the ID of the last AUDIT_LOG record that was copied to the AUDIT_DATA table. You can purge all the records prior to this ID.SELECT MAX(AUDIT_LOG) FROM #igaserviceschema#.AUDIT_DATA
AUDIT_DATA table reference
AUDIT_DATA
table.
Column name | Column description | Data type | Default value |
---|---|---|---|
ID | The ID of the log record | NUMERIC | |
AUDIT_LOG | The ID of the log record in the AUDIT_LOG table | NUMERIC | |
OPERATOR | The type of user whose action originates the event (for example, Admin) | CHARACTER | Not available |
OPERATOR_ID | The ID of the operator as it is recorded in the database | CHARACTER | Not available |
EVENT_ID | The ID of the event type. See Introduction to audit. | NUMERIC | |
EVENT | A brief definition or title of the event type. See Introduction to audit. | CHARACTER | Not available |
OPERATION_CODE | The code of the operation that originates the event. An operation can originate more than one event. For example, the operation for deleting a user includes events for the removal of entitlements from the user before the user is deleted. All of these events are specified by the same operation code. |
CHARACTER | Not available |
EVENT_DATE | The date and time of the audited event | TIMESTAMP | |
BENEFICIARY_TYPE | The type of entity that is the beneficiary of the event. For example, USER. This column corresponds to the TARGET_TYPE column in the AUDIT_LOG table. |
CHARACTER | Not available |
BENEFICIARY_ID | The ID of the Beneficiary This column corresponds to the TARGET_KEY_ID column in the AUDIT_LOG table. |
NUMERIC | 0 |
BENEFICIARY | The name or code of the Beneficiary This column corresponds to the TARGET_KEY_NAME column in the AUDIT_LOG table. |
CHARACTER | Not available |
BENEFICIARY_ATTR1 | Additional Beneficiary details. This column corresponds to the TARGET_ATTR1 column in the AUDIT_LOG table. |
CHARACTER | Not available |
BENEFICIARY_ATTR2 | Additional Beneficiary details. This column corresponds to the TARGET_ATTR2 column in the AUDIT_LOG table. |
CHARACTER | Not available |
BENEFICIARY_ATTR3 | Additional Beneficiary details. This column corresponds to the TARGET_ATTR3 column in the AUDIT_LOG table. |
CHARACTER | Not available |
BENEFICIARY_ATTR4 | Additional Beneficiary details. This column corresponds to the TARGET_ATTR4 column in the AUDIT_LOG table. |
CHARACTER | Not available |
BENEFICIARY_ATTR5 | Additional Beneficiary details. This column corresponds to the TARGET_ATTR5 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA1_TYPE | The type of the object that is affecting the beneficiary This column corresponds to the OBJ1_TYPE column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA1_ID | The ID of the object This column corresponds to the OBJ1_KEY_ID column in the AUDIT_LOG table. |
NUMERIC | 0 |
METADATA1 | The name of the object This column corresponds to the OBJ1_KEY_NAME column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA1_ATTR1 | Additional object details. This column corresponds to the OBJ1_ATTR1 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA1_ATTR2 | Additional object details. This column corresponds to the OBJ1_ATTR2 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA1_ATTR3 | Additional object details. This column corresponds to the OBJ1_ATTR3 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA1_ATTR4 | Additional object details. This column corresponds to the OBJ1_ATTR4 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA1_ATTR5 | Additional object details. This column corresponds to the OBJ1_ATTR5 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA2_TYPE | Any other object type that holds extra information about the event This column corresponds to the OBJ2_TYPE column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA2_ID | The ID of the object This column corresponds to the OBJ2_KEY_ID column in the AUDIT_LOG table. |
NUMERIC | 0 |
METADATA2 | The name of the object This column corresponds to the OBJ2_KEY_NAME column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA2_ATTR1 | Additional object details. This column corresponds to the OBJ2_ATTR1 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA2_ATTR2 | Additional object details. This column corresponds to the OBJ2_ATTR2 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA2_ATTR3 | Additional object details. This column corresponds to the OBJ2_ATTR3 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA2_ATTR4 | Additional object details. This column corresponds to the OBJ2_ATTR4 column in the AUDIT_LOG table. |
CHARACTER | Not available |
METADATA2_ATTR5 | Additional object details. This column corresponds to the OBJ2_ATTR5 column in the AUDIT_LOG table. |
CHARACTER | Not available |
ATTRIBUTE | The name of the added or modified entity attribute that leads to the generation of the audit
record. For example, Account Code .The content of this column corresponds to the added, modified, or deleted entity attribute name in the DATA column of the AUDIT_LOG table. |
CHARACTER | Not available |
OLD_VALUE | The former value of the entity attribute. This is applicable only in the case of a
modification. In the case of a created entity, the value is N/A. The content of this column corresponds to the former value of the modified entity attribute name in the DATA column of the AUDIT_LOG table. |
CLOB | Not available |
NEW_VALUE | The new value of the created or modified entity attribute. The content of this column corresponds to the new value of the created or modified entity attribute name in the DATA column of the AUDIT_LOG table. |
CLOB | Not available |
SOURCE_TYPE | The entity, or process, that caused the audit log. | CHARACTER | Not available |
SOURCE_ID | The unique ID of the entity, or process, that caused the audit log. | NUMERIC | 0 |
SOURCE_NAME | The name of the entity, or process, that caused the audit log. | CHARACTER | Not available |
STATUS | The status of the operation: SUCCESS , ERROR ,
PARTIALLY FAILED , or N/A . |
CHARACTER | Not available |
STATUS_REASON |
The reason for failure, in a JSON format, in cases where STATUS is |
CLOB for Oracle and DB2. TEXT for PostgreSQL. | Not available |
ACTED_AS_CODE | This column is specific to delegation flows. It contains the MasterUID of the delegator. | CHARACTER | Not available |
ACTED_AS_KEY | This column is specific to delegation flows. It contains the ID of the delegator. | CHARACTER | Not available |
- Views on the AUDIT_DATA table are not supported
- Aliases for the AUDIT_DATA table columns cannot be used in the creation of the report query. You can, however, localize the columns when you generate the report.