This audit capability creates an audit.log file and is used to monitor user activities and configuration changes in the Controller. Be aware that SaaS customers do not have access to the audit.log file as it is held on the AppD Controller server. The information is retrieved through the following actions. 

Schedule a Controller Audit Report

You must have account-level permissions to view and configure scheduled reports. See account-level permissions. Use this report to view changes made to the user information, controller configuration, and application properties. 

  1. Click Dashboards & Reports > Reports > Add Report.

  2. Enter Report Title and Report Subtitle.

    1. Tip:  You can label a report CONFIDENTIAL using Report Subtitle.

    2. Optionally, select Show Title Page to include a title page at the beginning of your report file.

  3. Select Report Type > Controller Audit to define the fields in the Reports Data tab.

  4. Set the time ranges. You can create and manage a custom time range if required.

    1. Note:  Custom time range options are available for all the Report Types.

  5. Select your report file format as PDF, JSON, or CSV.

    1. Optionally, uncheck the Show Diff box to remove the Object Changes column from your report file.

  6. Choose the data to include or exclude from the drop-down list.

    1. Repeat as necessary with the following options:

  7. Enter the attribute value

  8. Click +Add.

You can create new, duplicate existing, or modify current reports as well as set an email delivery schedule to a defined list of recipients. You can also choose the Send Report Now right-click option for an immediate look at the audit details. Review the Reports documentation for more details on other types of reporting.

The Controller Audit reports on the following attributes:

Date and time range

ObjectType

UserName

ObjectName

AccountName

ApiKeyId (if applicable)

Action

ApiKeyName (if applicable)

ApplicationName



Retrieve Controller Audit Log Report

The Controller Audit Log Report is sent by email according to the addresses added to the configurations page. This report captures the following information:

  • User logins and information changes

  • Controller configuration changes

  • Application properties and object changes such as policies, health rules, and entities listed in the above table.

  • Environment properties changes

AppDynamics supports PDF, JSON, and CSV output formats. 

Retrieve Controller Audit History via API

You can retrieve Controller audit history through the ControllerAuditHistory API method, which returns the configuration and user activities record in a JSON or CSV file for the time range specified. This information is the same as that found in the file.

Format

GET /controller/ControllerAuditHistory?startTime=<start-time>&endTime=<end-time>&include=<field>:<value>&exclude=<field>:<value>

For example:

http://localhost:8080/controller/ControllerAuditHistory?startTime=yyyy-MM-dd&endTime=yyyy-MM-dd&include=filterName1:filterValue1&include=filterName1:filterValue1&exclude=filterName1:filterValue1&exclude=filterName1:filterValue1

curl --user user1@customer1:welcome "http://demo.appdynamics.com:8090/controller/ControllerAuditHistory?startTime=2015-12-19T10:50:03.607-0700&endTime=2015-12-19T17:50:03.607-0700&timeZoneId=America%2FSan%20Francisco&include=userName:user1&include=action:LOGIN&exclude=accountName:system&exclude=action:OBJECT_UPDATE"
  
[{"timeStamp":1450569821811,"auditDateTime":"2015-12-20T00:03:41.811+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570234518,"auditDateTime":"2015-12-20T00:10:34.518+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570273841,"auditDateTime":"2015-12-20T00:11:13.841+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_CREATED","objectType":"AGENT_CONFIGURATION"},
...
{"timeStamp":1450570675345,"auditDateTime":"2015-12-20T00:17:55.345+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_DELETED","objectType":"BUSINESS_TRANSACTION"},{"timeStamp":1450570719240,"auditDateTime":"2015-12-20T00:18:39.240+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"APP_CONFIGURATION","objectType":"APPLICATION","objectName":"ACME Book Store Application"},{"timeStamp":1450571834835,"auditDateTime":"2015-12-20T00:37:14.835+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action
 
curl --user user1@customer1:welcome "http://127.0.0.1:8080/controller/ControllerAuditHistory?startTime=2019-05-28T08:00:03.607-0700&endTime=2019-05-28T11:32:03.607-0700&timeZoneId=America%2FSan%20Francisco&include=applicationName:ACME"
[{"timeStamp":1559066415823,"auditDateTime":"2019-05-28T18:00:15.823+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN","objectId":0,"applicationName":"ACME"}]


Input parameters

| Parameter Name | Parameter Type | Value | Mandatory |
| --- | --- | --- | --- |
| start-time | Query | Start time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ" | Yes |
| end-time | Query | End time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ" | Yes |
| time-zone-id | Query | Time zone | No |
| include | Query | Restricted information in the Controller audit history | No |
| exclude | Query | Restricted information in the Controller audit history | No |

To control the size of the output, the range between the start-time and end-time cannot exceed twenty-four hours. For periods longer than 24 hours, use multiple queries with consecutive time parameters.

  • Multiple filters of the same type are allowed.

  • The backend API treats include filters with the same <field> and relationship as "OR", and filters with different <field> and relationship as "AND".

  • There is no direct interaction between include and exclude filters.

  • Each filter needs to be a parameter, e.g., include=filterName1:filterValue1&include=filterName2:filterValue2. See the below examples.
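The following added example (not AppDynamics code) splits a longer period into consecutive windows of at most 24 hours and builds one ControllerAuditHistory URL per window, with every filter sent as its own repeated parameter. The host, the 60-hour range and the filter values are constructed for illustration; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

MAX_WINDOW = timedelta(hours=24)  # documented ceiling for endTime - startTime

def fmt(ts):
    """Render an aware datetime as yyyy-MM-dd'T'HH:mm:ss.SSSZ."""
    millis = f"{ts.microsecond // 1000:03d}"
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + millis + ts.strftime("%z")

def windows(start, end, step=MAX_WINDOW):
    """Yield consecutive (start, end) pairs no longer than `step`."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("use timezone-aware datetimes so the offset is explicit")
    if not timedelta(0) < step <= MAX_WINDOW:
        raise ValueError("step must be positive and at most 24 hours")
    cur = start
    while cur < end:
        nxt = min(cur + step, end)
        yield cur, nxt
        cur = nxt  # the next query starts exactly where this one ended

def audit_urls(base, start, end, include=(), exclude=()):
    """Build one ControllerAuditHistory URL per window.

    include/exclude are (field, value) pairs; each becomes its own parameter.
    """
    urls = []
    for s, e in windows(start, end):
        params = [("startTime", fmt(s)), ("endTime", fmt(e))]
        params += [("include", f"{k}:{v}") for k, v in include]
        params += [("exclude", f"{k}:{v}") for k, v in exclude]
        # urlencode turns "+" (as in +0000) into %2B so it is not read as a space.
        query = urlencode(params, safe=":")
        urls.append(f"{base}/controller/ControllerAuditHistory?{query}")
    return urls

if __name__ == "__main__":
    pacific = timezone(timedelta(hours=-7))
    start = datetime(2019, 5, 28, 8, 0, 3, 607000, tzinfo=pacific)
    # Constructed 60-hour range: yields three queries (24h, 24h, 12h).
    for url in audit_urls("http://127.0.0.1:8080", start, start + timedelta(hours=60),
                          include=[("action", "LOGIN"), ("action", "LOGIN_FAILED")],
                          exclude=[("accountName", "system")]):
        print(url)
```

Each printed URL can be passed to curl as in the examples above; the two include filters share the action field, so the backend treats them as "OR".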

Log File Information by Platform 

SaaS Controller Audit Log Default Configuration Settings

This table shows default settings for your SaaS controller. Please contact your AppD account manager to edit these settings.

| Name | Description | Value |
| --- | --- | --- |
| audit.enabled | Enable or disable audit logging | true |
| audit.log.changes.persisted | Enable or disable audit log state change data persistence | true |
| audit.log.file.count | The number of log files for rotation once exceeding size limit. | 1 |
| audit.log.file.enabled | Enable logging audit information into a file. | true |
| audit.log.file.location | Audit log file locations <empty value means $CONTROLLER_HOME/logs/audit.log> | |
| audit.log.file.size | Maximum log file size (in bytes) for audit logging. | 500000000 |
| audit.log.retention.period | Audit log retention period in hours. (30 days) | 720 |

Be aware that AppD only retains Controller Audit Logs for 30 days. If you wish to retain them longer, contact your account manager or download your scheduled reports regularly.

On-Prem Controller Audit Log Configuration Settings

The information below provides instructions and items that can be configured for on-premise audit logging.

Access Controller Administration Console

The below actions require accessing the Controller Administration Console.

  1. Log in to the console by either:
    1. Following the instructions in the Access the Controller Administration Console page, or
    2. Logging in to http://<controller-hostname>:8080/controller/admin.jsp or https://<controller-hostname>:443/controller/admin.jsp with the root password.
  2. Select the Controller Settings tab and continue as instructed below:

Configure Audit Logging

Audit logging is enabled by default. To disable audit logging, set the audit.enabled value flag to false.

Configure Persistence of State-change Data

Persistence of state-change data in database and audit log files is enabled by default and can only be disabled through the Controller Administration Console. 

Disabling persistence of state-change data excludes those details from the Controller audit schedule reports and audit log history.

To disable, set the audit.log.changes.persisted value flag to false.

Retain Audit Logs

The Controller retains audit logs for 720 hours by default. To adjust the retention period, set the value parameter. 


What is Audited

The following entries are audited:

ACCOUNT

ACCOUNT_ROLE

ACTION_SUPPRESSION_WINDOW

AGENT_CONFIGURATION

APPLICATION

APPLICATION_COMPONENT

APPLICATION_COMPONENT_NODE

APPLICATION_CONFIGURATION

APPLICATION_DIAGNOSTIC_DATA

ASYNC_TRANSACTION_CONFIG

BACKEND_DISCOVERY_CONFIG

BUSINESS_TRANSACTION

BUSINESS_TRANSACTION_CONFIG

BUSINESS_TRANSACTION_GROUP

CALL_GRAPH_CONFIGURATION

CUSTOM_ACTION

CUSTOM_CACHE_CONFIGURATION

CUSTOM_EMAIL_ACTION_PLAN_CONFIG

CUSTOM_EXIT_POINT_DEFINITION

CUSTOM_MATCH_POINT_DEFINITION

DASHBOARD

DIAGNOSTIC_SESSION_ACTION

DOT_NET_ERROR_CONFIGURATION

EMAIL_ACTION

ERROR_CONFIGURATION

EUM_CONFIGURATION

EVENT_REACTOR

GLOBAL_CONFIGURATION

GROUP

HTTP_REQUEST_ACTION

HTTP_REQUEST_ACTION_MEDIA_TYPE_CONFIG

HTTP_REQUEST_ACTION_PLAN_CONFIG

HTTP_REQUEST_DATA_GATHERER_CONFIG

INFO_POINT

JIRA_ACTION

JMX_CONFIG

MEMORY_CONFIGURATION

METRIC_BASELINE

MOBILE_APPLICATION

NODEJS_ERROR_CONFIGURATION

NOTIFICATION_CONFIG

OBJECT_INSTANCE_TRACKING

PHP_ERROR_CONFIGURATION

POJO_DATA_GATHERER_CONFIG

POLICY

PYTHON_ERROR_CONFIGURATION

RULE

RUN_LOCAL_SCRIPT_ACTION

SCHEDULED_REPORT

SERVICE_ENDPOINT_DEFINITION

SERVICE_ENDPOINT_MATCH_CONFIG

SMS_ACTION

SQL_DATA_GATHERER_CONFIG

THREAD_DUMP_ACTION

TRANSACTION_MATCH_POINT_CONFIG

USER

WORKFLOW

WORKFLOW_ACTION

The Audit report now supports Application Name for the above entities when applicable.

Supported Audit Actions 

Below is the list of actions supported in auditing.

Note that not all of these actions are supported for all of the Audit Entries in the table above.

ACCOUNT_REENABLED

ACCOUNT_ROLE_ADD_PERMISSION

ACCOUNT_ROLE_REMOVE_PERMISSION

ACKNOWLEDGE_GDPR_DATA_PRIVACY

ANOMALY_DETECTION_CONFIG_CHANGED

FLOW_ICON_MOVED

GROUP_ADD_ACCOUNT_ROLE

GROUP_REMOVE_ACCOUNT_ROLE

LDAP_CONFIG_CREATED

LDAP_CONFIG_DELETED

LDAP_CONFIG_UPDATED

LOG_LEVEL_CHANGED

LOGIN

LOGIN_FAILED

LOGOUT

LOGOUT_FAILED

OBJECT_CREATED

OBJECT_DELETED

OBJECT_UPDATED

SAML_AUTHENTICATION_CONFIG_CREATED

SAML_AUTHENTICATION_CONFIG_DELETED

SAML_AUTHENTICATION_CONFIG_UPDATED

USER_ADD_ACCOUNT_ROLE

USER_ADD_TO_GROUP

USER_EMAIL_CHANGED

USER_PASSWORD_CHANGED

USER_PASSWORD_RESET

USER_PASSWORD_RESET_COMPLETED

USER_REMOVE_ACCOUNT_ROLE

USER_REMOVE_FROM_GROUP
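As an added example (not AppDynamics code), the triage below runs over audit records in the JSON shape returned by ControllerAuditHistory and reports two things a reviewer usually wants first: a successful LOGIN that ends a burst of LOGIN_FAILED events for the same userName, and any action from the list above that changes identities, roles or authentication configuration. The thresholds, the choice of actions, the function names and the sample records are assumptions made for illustration; the userName field is reported as-is from each record.

```python
from collections import defaultdict

# Actions from the list above that change who can sign in or what they may do.
IDENTITY_ACTIONS = {
    "ACCOUNT_REENABLED", "ACCOUNT_ROLE_ADD_PERMISSION", "GROUP_ADD_ACCOUNT_ROLE",
    "USER_ADD_ACCOUNT_ROLE", "USER_ADD_TO_GROUP", "USER_EMAIL_CHANGED",
    "USER_PASSWORD_RESET", "LDAP_CONFIG_CREATED", "LDAP_CONFIG_UPDATED",
    "LDAP_CONFIG_DELETED", "SAML_AUTHENTICATION_CONFIG_CREATED",
    "SAML_AUTHENTICATION_CONFIG_UPDATED", "SAML_AUTHENTICATION_CONFIG_DELETED",
}

def triage(records, max_failures=3, window_ms=10 * 60 * 1000):
    """Return (finding, userName, timeStamp) tuples, oldest first (assumed thresholds)."""
    findings = []
    failures = defaultdict(list)  # userName -> timeStamps of LOGIN_FAILED
    for rec in sorted(records, key=lambda r: r["timeStamp"]):
        user, action, ts = rec.get("userName"), rec.get("action"), rec["timeStamp"]
        if action == "LOGIN_FAILED":
            failures[user].append(ts)
        elif action == "LOGIN":
            # A success clears the counter; flag it if it ends a burst of failures.
            recent = [t for t in failures.pop(user, []) if ts - t <= window_ms]
            if len(recent) >= max_failures:
                findings.append(("LOGIN_AFTER_FAILURES", user, ts))
        elif action in IDENTITY_ACTIONS:
            findings.append((action, user, ts))
    return findings

def record(ts, user, action):
    # Same keys as the ControllerAuditHistory JSON shown earlier on the page.
    return {"timeStamp": ts, "accountName": "customer1", "userName": user, "action": action}

# Constructed sample records, not real Controller output.
SAMPLE = [
    record(1450569000000, "user2", "LOGIN_FAILED"),
    record(1450569060000, "user2", "LOGIN_FAILED"),
    record(1450569120000, "user2", "LOGIN_FAILED"),
    record(1450569180000, "user2", "LOGIN"),
    record(1450569300000, "user2", "USER_ADD_ACCOUNT_ROLE"),
    record(1450569821811, "user1", "LOGIN"),
    record(1450570000000, "user3", "SAML_AUTHENTICATION_CONFIG_UPDATED"),
    record(1450570273841, "user1", "OBJECT_CREATED"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```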