Audit log¶
The audit log contains records of security events in TDG.
To view the log:
Configure at least one instance with the storage role.
Go to the Cluster tab and click the Bootstrap vshard button.
Go to the Audit log tab.
Enabling and disabling the audit log¶
The audit log is enabled by default and records messages regardless of authorization settings.
To disable the audit log, click the Disable logging button on the Audit log tab. You can also go to the Graphql tab and run the following GraphQL request:
mutation {
  audit_log {
    enabled(value: false)
  }
}
To check if the audit log is enabled:
query {
  audit_log {
    enabled
  }
}
Clearing the audit log¶
The audit log is stored in memtx and doesn’t clear automatically.
To fully clear the space associated with the audit log, run the following GraphQL code:
mutation {
  audit_log {
    clear
  }
}
Log structure¶
Each table entry provides the following information:
Severity
From - To
Subject ID
Subject
Request ID
Module
Message
The audit log can be filtered by each of the parameters. Below is more information about every one of them.
Severity¶
Possible values (in order of ascending severity):
VERBOSE – detailed information;
INFO – notification;
WARNING – warning;
ALARM – alarm.
A filter by severity displays events of the specified level or more severe. Choose the “VERBOSE” filter to display all messages.
From - To¶
Date and time of the event. Displayed in GMT+0 (UTC) time.
Subject ID¶
Internal identifier of the access subject.
Subject¶
Access subject name and type. Possible values:
system %q: system message, where %q is the name of the entity in the system.
token %q: access to the HTTP API using an application token (for example, to retrieve data via GraphQL), where %q is the name of the entity that requested access.
user: access attempt from GUI.
anonymous: access attempt from GUI, if mandatory authorization is disabled.
unauthorized: access attempt from GUI by an unauthorized user.
Request ID¶
Internal identifier of the request.
Module¶
Name of the system module that initiated the event. For example, common.admin.auth is the module responsible for authorization.
Message¶
Event description. Can be provided by the user.
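The filters described above can be reproduced offline when reviewing exported entries. The following is an added example, not TDG code: it applies the severity and From - To filters and counts anonymous and unauthorized access attempts per module. The dictionary layout, the sample entries, the module name example.module, and the assumption that %q renders the name in double quotes are all constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Severity levels in ascending order, as listed on this page.
SEVERITIES = ["VERBOSE", "INFO", "WARNING", "ALARM"]

# Subject forms from this page. Assumption: %q renders the name in double quotes.
SUBJECT_RE = re.compile(r'^(system|token|user|anonymous|unauthorized)(?:\s+"(.*)")?$')

def parse_subject(subject):
    """Return (type, name); forms not listed on the page become ("unknown", raw)."""
    m = SUBJECT_RE.match(subject.strip())
    return (m.group(1), m.group(2)) if m else ("unknown", subject)

def filter_entries(entries, min_severity="VERBOSE", start=None, end=None):
    """Severity filter (given level or more severe) plus a From - To window in UTC."""
    floor = SEVERITIES.index(min_severity)
    kept = []
    for e in entries:
        ts = datetime.fromisoformat(e["time"])
        if SEVERITIES.index(e["severity"]) < floor:
            continue
        if (start and ts < start) or (end and ts > end):
            continue
        kept.append(e)
    return kept

def unauthenticated_by_module(entries):
    """Count entries with an anonymous or unauthorized subject, grouped by module."""
    counts = {}
    for e in entries:
        if parse_subject(e["subject"])[0] in ("anonymous", "unauthorized"):
            counts[e["module"]] = counts.get(e["module"], 0) + 1
    return counts

def entry(severity, time, subject, module):
    return {"severity": severity, "time": time, "subject": subject, "module": module}

# Constructed sample entries, not real TDG output; "example.module" is hypothetical.
SAMPLE = [
    entry("INFO", "2024-01-10T08:00:00+00:00", 'system "tdg"', "common.admin.auth"),
    entry("WARNING", "2024-01-10T09:30:00+00:00", "unauthorized", "common.admin.auth"),
    entry("ALARM", "2024-01-10T10:00:00+00:00", "unauthorized", "common.admin.auth"),
    entry("VERBOSE", "2024-01-10T10:05:00+00:00", 'token "reporting-app"', "example.module"),
    entry("WARNING", "2024-01-10T10:10:00+00:00", "anonymous", "example.module"),
]

if __name__ == "__main__":
    window_start = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    recent = filter_entries(SAMPLE, "WARNING", start=window_start)
    print(unauthenticated_by_module(recent))
```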
Configuration via config.yml¶
The default settings that Tarantool Data Grid starts up with can be found in the file config.yml. Audit log settings can be listed in this
audit_log:
  remove_older_than_n_hours: 24 # how many hours a message should exist before being deleted
  severity: VERBOSE # record messages of this severity level and higher
  enabled: true