Download PDF
Download page SaaS Audit Log.
SaaS Audit Log
This page describes how to schedule and manage a SaaS Audit Log.
AppDynamics refers to a Tenant as the Controller in some portions of the UI. They are considered one and the same.
This audit capability creates an audit.log
file and is used to monitor user activities and configuration changes in the Tenant. Be aware that SaaS customers do not have access to the audit.log
file as it is held on the AppDynamics Tenant server. The information is retrieved through the following actions.
Schedule an Audit Report
You must have account-level permissions to view and configure scheduled reports. Use this report to view changes made to the user information, Tenant configuration, and application properties.
Click Dashboards & Reports > Reports > Add Report.
Enter Report Title and Report Subtitle.
You can label a report CONFIDENTIAL using Report Subtitle.
Optionally, select Show Title Page to include a title page at the beginning of your report file.
Select Report Type > Controller Audit to define the fields in the Reports Data tab.
Set the time ranges. You can create and manage custom time range if required.
Note: Custom time range options are available for all the Report Types.
Select your report file format as PDF, JSON, or CSV.
Optionally, uncheck the Show Diff box to remove the Object Changes column from your report file.
Choose the data to include or exclude from the drop-down list.
Repeat as necessary with the following options:
Enter the attribute value.
Click + Add.
You can create new, duplicate existing, or modify current reports as well as set an email delivery schedule to a defined list of recipients. You can also choose the Send Report Now right-click option for an immediate look at the audit details.
The Tenant Audit reports on the following attributes:
|
|
|
|
|
|
|
|
|
Retrieve the Audit Log Report
The Audit Log Report is sent by email according to the addresses added to the configurations page. This report captures the following information:
User logins and information changes
Tenant configuration changes
Application properties and object changes such as policies, health rules, and entities listed in the above table.
Environment properties changes
AppDynamics supports PDF, JSON, and CSV output formats.
Retrieve Audit History via API
You can retrieve audit history through the ControllerAuditHistory
API method, which returns the configuration and user activities record in a JSON or CSV file for the time range specified. This information is the same as that found in the file.
Format
GET /controller/ ControllerAuditHistory?startTime=<start-time>&endTime=<end-time>&include=<field>:<value>&exclude=<field>:<value>
For example:
http://localhost:8080/controller/ControllerAuditHistory?startTime=yyyy-MM-dd&&endTime=yyyy-MM-dd&include=filterName1:filterValue1&include=filterName1:filterValue1&exclude=filterName1:filterValue1&exclude=filterName1:filterValue1
curl --user user1@customer1:welcome "http://demo.appdynamics.com:8090/controller/ControllerAuditHistory?startTime=2015-12-19T10:50:03.607-0700&endTime=2015-12-19T17:50:03.607-0700&timeZoneId=America&Francisco&include=userName:user1&include=action:LOGIN&exclude=accountName:system&exclude=action:OBJECT_UPDATE"
[{"timeStamp":1450569821811,"auditDateTime":"2015-12-20T00:03:41.811+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570234518,"auditDateTime":"2015-12-20T00:10:34.518+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570273841,"auditDateTime":"2015-12-20T00:11:13.841+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_CREATED","objectType":"AGENT_CONFIGURATION"},
...
{"timeStamp":1450570675345,"auditDateTime":"2015-12-20T00:17:55.345+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_DELETED","objectType":"BUSINESS_TRANSACTION"},{"timeStamp":1450570719240,"auditDateTime":"2015-12-20T00:18:39.240+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"APP_CONFIGURATION","objectType":"APPLICATION","objectName":"ACME Book Store Application"},{"timeStamp":1450571834835,"auditDateTime":"2015-12-20T00:37:14.835+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action
curl --user user1@customer1:welcome "http://127.0.0.1:8080/controller/ControllerAuditHistory?startTime=2019-05-28T08:00:03.607-0700&endTime=2019-05-28T11:32:03.607-0700&timeZoneId=America%2FSan%20Francisco&include=applicationName:ACME"
[{"timeStamp":1559066415823,"auditDateTime":"2019-05-28T18:00:15.823+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN","objectId":0,"applicationName":"ACME"}]
Input parameters
Parameter Name | Parameter Type | Value | Mandatory |
---|---|---|---|
start-time | Query | Start time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ" | Yes |
end-time | Query | End time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ" | Yes |
time-zone-id | Query | Time zone | No |
include | Query | Restricted information in the audit history | No |
exclude | Query | Restricted information in the audit history | No |
To control the size of the output, the range between the start-time and end-time cannot exceed twenty-four hours. For periods longer than 24 hours, use multiple queries with consecutive time parameters.
Multiple filters of the same type are allowed.
The backend API treats include filters with the same <field> and relationship as "OR", and filters with different <field> and relationship as "AND".
There is no direct interaction between include and exclude filters.
Each filter needs to be a parameter, e.g.,
include=filterName1:filterValue1&include=filterName2:filterValue2
. See the below examples.
Audit Log Default Configuration Settings
This table shows the default settings for your Tenant. Please contact your AppDynamics account manager to edit these settings.
Name | Description | Value |
---|---|---|
audit.enabled | Enable or disable audit logging |
|
audit.log.changes.persisted | Enable or disable audit log state change data persistence |
|
audit.log.file.count | The number of log files for rotation once exceeding the size limit |
|
audit.log.file.enabled | Enable logging audit information into a file |
|
audit.log.file.location | Audit log file locations <empty value means | |
audit.log.file.size | Maximum log file size (in bytes) for audit logging |
|
audit.log.retention.period | Audit log retention period in hours (30 days) |
|
Be aware that AppDynamics only retains audit logs for 30 days. If you wish to retain them longer, contact your account manager or download your scheduled reports regularly.
What is Audited
The following entries are audited:
|
|
The Audit report now supports Application Name for the above entities when applicable.
Supported Audit Actions
Below is the list of actions supported in auditing.
Note that not all of these actions are supported for all of the Audit Entries in the table above.
|
|