This audit capability creates an
audit.log file and is used to monitor user activities and configuration changes in the Controller. Be aware that SaaS customers do not have access to the
audit.log file as it is held on the AppD Controller server. The information is retrieved through the following actions.
Schedule a Controller Audit Report
You must have account-level permissions to view and configure scheduled reports. Use this report to view changes made to the user information, controller configuration, and application properties.
Click Dashboards & Reports > Reports > Add Report.
Enter Report Title and Report Subtitle.
You can label a report CONFIDENTIAL using Report Subtitle.
Optionally, select Show Title Page to include a title page at the beginning of your report file.
Select Report Type > Controller Audit to define the fields in the Reports Data tab.
Set the time ranges. You can create and manage custom time range if required.
Note: Custom time range options are available for all the Report Types.
Select your report file format as PDF, JSON, or CSV.
Optionally, uncheck the Show Diff box to remove the Object Changes column from your report file.
Choose the data to include or exclude from the drop-down list.
Repeat as necessary with the following options:
Enter the attribute value.
Click + Add.
You can create new, duplicate existing, or modify current reports as well as set an email delivery schedule to a defined list of recipients. You can also choose the Send Report Now right-click option for an immediate look at the audit details. Review the Reports documentation for more details on other types of reporting.
The Controller Audit reports on the following attributes:
Retrieve Controller Audit Log Report
The Controller Audit Log Report is sent by email according to the addresses added to the configurations page. This report captures the following information:
User logins and information changes
Controller configuration changes
Application properties and object changes such as policies, health rules, and entities listed in the above table.
Environment properties changes
AppDynamics supports PDF, JSON, and CSV output formats.
Retrieve Controller Audit History via API
You can retrieve Controller audit history through the ControllerAuditHistory API method, which returns the configuration and user activities record in a JSON or CSV file for the time range specified. This information is the same as that found in the file.
GET /controller/ ControllerAuditHistory?startTime=<start-time>&endTime=<end-time>&include=<field>:<value>&exclude=<field>:<value>
Start time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
End time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ"
Restricted information in the Controller audit history
Restricted information in the Controller audit history
To control the size of the output, the range between the start-time and end-time cannot exceed twenty-four hours. For periods longer than 24 hours, use multiple queries with consecutive time parameters.
Multiple filters of the same type are allowed.
The backend API treats include filters with the same <field> and relationship as "OR", and filters with different <field> and relationship as "AND".
There is no direct interaction between include and exclude filters.
Each filter needs to be a parameter, e.g.,
include=filterName1:filterValue1&include=filterName2:filterValue2. See the below examples.
Log File Information by Platform
SaaS Controller Audit Log Default Configuration Settings
This table shows default settings for your SaaS controller. Please contact your AppD account manager to edit these settings.
Enable or disable audit logging
Enable or disable audit log state change data persistence
The number of log files for rotation once exceeding size limit.
Enable logging audit information into a file.
Audit log file locations <empty value means $CONTROLLER_HOME/logs/audit.log>
Maximum log file size (in bytes) for audit logging.
Audit log retention period in hours. (30 days)
AppDynamics retains the Controller audit logs for 30 days. If you wish to retain them longer, contact the account manager or download your scheduled reports regularly.
On-Prem Controller Audit Log Configuration Settings
The information below provides instructions and items that can be configured for on-premise audit logging.
Access Controller Administration Console
The below actions require accessing the Controller Administration Console.
- Log in to the console.
- Following the instructions in the Accessing the Controller Administration Console page, or
- Logging in to
https:<controller-hostname>:443/controller/admin.jspwith the root password.
- Select the Controller Settings tab and continue as instructed below:
Configure Audit Logging
Audit logging is enabled by default. To disable audit logging, set the
audit.enabled value flag to
Configure Persistence of State-change Data
Persistence of state-change data in database and audit log files is enabled by default and can only be disabled through the Controller Administration Console.
Disabling persistence of state-change data excludes those details from the Controller audit schedule reports and audit log history.
To disable, set the
audit.log.changes.persisted value flag to
Retain Audit Logs
The Controller retains audit logs for 720 hours by default. To adjust the retention period, set the value parameter.
What is Audited
The following entries are audited:
- The Audit report supports the Application Name for the above entities when applicable.
- To fetch the audit log for the
Remove literalflag in the report, ensure to specify the object name as Remove Literals with the object type as DBMON_ACCOUNT_CONFIGURATION.
Supported Audit Actions
Below is the list of actions supported in auditing.
Not all of these actions are supported for all of the Audit Entries listed in the preceding table.