On this page:

Your Rating:
Results:
PatheticBadOKGoodOutstanding!
16 rates

The Controller keeps audit log data in the controller_audit_v2 table. You can use this audit log to monitor user activities and configuration changes in the Controller.  

What is Audited

The following entries are audited:

  • ACCOUNT
  • ACCOUNT_ROLE
  • ACTION_SUPPRESSION_WINDOW
  • AGENT_CONFIGURATION
  • APPLICATION
  • APPLICATION_COMPONENT
  • APPLICATION_COMPONENT_NODE
  • APPLICATION_CONFIGURATION
  • APPLICATION_DIAGNOSTIC_DATA
  • ASYNC_TRANSACTION_CONFIG
  • BACKEND_DISCOVERY_CONFIG
  • BUSINESS_TRANSACTION
  • BUSINESS_TRANSACTION_CONFIG
  • BUSINESS_TRANSACTION_GROUP
  • CALL_GRAPH_CONFIGURATION
  • CUSTOM_ACTION
  • CUSTOM_CACHE_CONFIGURATION
  • CUSTOM_EMAIL_ACTION_PLAN_CONFIG
  • CUSTOM_EXIT_POINT_DEFINITION
  • CUSTOM_MATCH_POINT_DEFINITION
  • DASHBOARD
  • DIAGNOSTIC_SESSION_ACTION
  • DOT_NET_ERROR_CONFIGURATION
  • EMAIL_ACTION
  • ERROR_CONFIGURATION
  • EUM_CONFIGURATION
  • EVENT_REACTOR
  • GLOBAL_CONFIGURATION
  • GROUP
  • HTTP_REQUEST_ACTION
  • HTTP_REQUEST_ACTION_MEDIA_TYPE_CONFIG
  • HTTP_REQUEST_ACTION_PLAN_CONFIG
  • HTTP_REQUEST_DATA_GATHERER_CONFIG
  • INFO_POINT
  • JIRA_ACTION
  • JMX_CONFIG
  • MEMORY_CONFIGURATION
  • METRIC_BASELINE
  • MOBILE_APPLICATION
  • NODEJS_ERROR_CONFIGURATION
  • NOTIFICATION_CONFIG
  • OBJECT_INSTANCE_TRACKING
  • PHP_ERROR_CONFIGURATION
  • POJO_DATA_GATHERER_CONFIG
  • POLICY
  • PYTHON_ERROR_CONFIGURATION
  • RULE
  • RUN_LOCAL_SCRIPT_ACTION
  • SCHEDULED_REPORT
  • SERVICE_ENDPOINT_DEFINITION
  • SERVICE_ENDPOINT_MATCH_CONFIG
  • SMS_ACTION
  • SQL_DATA_GATHERER_CONFIG
  • THREAD_DUMP_ACTION
  • TRANSACTION_MATCH_POINT_CONFIG
  • USER
  • WORKFLOW
  • WORKFLOW_ACTION

The Audit report now supports Application Name for the above entities when applicable.

Following is the list of actions supported in auditing:

  • ACCOUNT_REENABLED
  • ACCOUNT_ROLE_ADD_PERMISSION
  • ACCOUNT_ROLE_REMOVE_PERMISSION
  • ACKNOWLEDGE_GDPR_DATA_PRIVACY
  • ANOMALY_DETECTION_CONFIG_CHANGED
  • FLOW_ICON_MOVED
  • GROUP_ADD_ACCOUNT_ROLE
  • GROUP_REMOVE_ACCOUNT_ROLE
  • LDAP_CONFIG_CREATED
  • LDAP_CONFIG_DELETED
  • LDAP_CONFIG_UPDATED
  • LOG_LEVEL_CHANGED
  • LOGIN
  • LOGIN_FAILED
  • LOGOUT
  • LOGOUT_FAILED
  • OBJECT_CREATED
  • OBJECT_DELETED
  • OBJECT_UPDATED
  • SAML_AUTHENTICATION_CONFIG_CREATED
  • SAML_AUTHENTICATION_CONFIG_DELETED
  • SAML_AUTHENTICATION_CONFIG_UPDATED
  • USER_ADD_ACCOUNT_ROLE
  • USER_ADD_TO_GROUP
  • USER_EMAIL_CHANGED
  • USER_PASSWORD_CHANGED
  • USER_PASSWORD_RESET
  • USER_PASSWORD_RESET_COMPLETED
  • USER_REMOVE_ACCOUNT_ROLE
  • USER_REMOVE_FROM_GROUP

Enable or Disable Audit Logging

Audit logging is enabled by default.

Use the Controller Administration Console to change the value for audit.enabled flag. Set audit.enabled value to false to disable audit logging. 

Configure Persistence of State-change Data

Persistence of state-change data in database and audit log file is enabled by default. The value for audit.log.changes.persisted in the admin.jsp file is set to true. However, Administrators choose to stop storing state-change information by disabling the audit.log.changes.persisted flag. It excludes state-change details from the Controller audit schedule reports and audit log history.

 To stop persisting state-change data into database and audit log file, disable the audit.log.changes.persisted flag as follows:

  1. Log in to the administration console: 
    http:<controller-hostname>:8080/controller/admin.jsp or https:<controller-hostname>:45/controller/admin.jsp
  2. On the Controller Settings page, change the value for audit.log.changes.persisted from true to false.

Retain Audit Log

By default, the Controller retains audit logs for 720 hours. To adjust the retention period in the Controller Administration Console, modify the value for audit.log.retention.period parameter