Beginning in February 2020, AppDynamics switched from Semantic Versioning to Calendar Versioning for some agents and the first deployments of SaaS Controllers. In March 2020, the entire product suite will use Calendar Versioning.


Skip to end of metadata
Go to start of metadata

On this page:

Your Rating:
Results:
1 Star2 Star3 Star4 Star5 Star
19 rates


The Controller keeps audit log data in the controller_audit_v2 table. This audit log is used to monitor user activities and configuration changes in the Controller.  

What is Audited

The following entries are audited:

ACCOUNT

ACCOUNT_ROLE

ACTION_SUPPRESSION_WINDOW

AGENT_CONFIGURATION

APPLICATION

APPLICATION_COMPONENT

APPLICATION_COMPONENT_NODE

APPLICATION_CONFIGURATION

APPLICATION_DIAGNOSTIC_DATA

ASYNC_TRANSACTION_CONFIG

BACKEND_DISCOVERY_CONFIG

BUSINESS_TRANSACTION

BUSINESS_TRANSACTION_CONFIG

BUSINESS_TRANSACTION_GROUP

CALL_GRAPH_CONFIGURATION

CUSTOM_ACTION

CUSTOM_CACHE_CONFIGURATION

CUSTOM_EMAIL_ACTION_PLAN_CONFIG

CUSTOM_EXIT_POINT_DEFINITION

CUSTOM_MATCH_POINT_DEFINITION

DASHBOARD

DIAGNOSTIC_SESSION_ACTION

DOT_NET_ERROR_CONFIGURATION

EMAIL_ACTION

ERROR_CONFIGURATION

EUM_CONFIGURATION

EVENT_REACTOR

GLOBAL_CONFIGURATION

GROUP

HTTP_REQUEST_ACTION

HTTP_REQUEST_ACTION_MEDIA_TYPE_CONFIG

HTTP_REQUEST_ACTION_PLAN_CONFIG

HTTP_REQUEST_DATA_GATHERER_CONFIG

INFO_POINT

JIRA_ACTION

JMX_CONFIG

MEMORY_CONFIGURATION

METRIC_BASELINE

MOBILE_APPLICATION

NODEJS_ERROR_CONFIGURATION

NOTIFICATION_CONFIG

OBJECT_INSTANCE_TRACKING

PHP_ERROR_CONFIGURATION

POJO_DATA_GATHERER_CONFIG

POLICY

PYTHON_ERROR_CONFIGURATION

RULE

RUN_LOCAL_SCRIPT_ACTION

SCHEDULED_REPORT

SERVICE_ENDPOINT_DEFINITION

SERVICE_ENDPOINT_MATCH_CONFIG

SMS_ACTION

SQL_DATA_GATHERER_CONFIG

THREAD_DUMP_ACTION

TRANSACTION_MATCH_POINT_CONFIG

USER

WORKFLOW

WORKFLOW_ACTION

The Audit report now supports Application Name for the above entities when applicable.

Following is the list of actions supported in auditing:

ACCOUNT_REENABLED

ACCOUNT_ROLE_ADD_PERMISSION

ACCOUNT_ROLE_REMOVE_PERMISSION

ACKNOWLEDGE_GDPR_DATA_PRIVACY

ANOMALY_DETECTION_CONFIG_CHANGED

FLOW_ICON_MOVED

GROUP_ADD_ACCOUNT_ROLE

GROUP_REMOVE_ACCOUNT_ROLE

LDAP_CONFIG_CREATED

LDAP_CONFIG_DELETED

LDAP_CONFIG_UPDATED

LOG_LEVEL_CHANGED

LOGIN

LOGIN_FAILED

LOGOUT

LOGOUT_FAILED

OBJECT_CREATED

OBJECT_DELETED

OBJECT_UPDATED

SAML_AUTHENTICATION_CONFIG_CREATED

SAML_AUTHENTICATION_CONFIG_DELETED

SAML_AUTHENTICATION_CONFIG_UPDATED

USER_ADD_ACCOUNT_ROLE

USER_ADD_TO_GROUP

USER_EMAIL_CHANGED

USER_PASSWORD_CHANGED

USER_PASSWORD_RESET

USER_PASSWORD_RESET_COMPLETED

USER_REMOVE_ACCOUNT_ROLE

USER_REMOVE_FROM_GROUP


Log File Information by Platform

On-Prem

On-Prem Log Files and Configuration Settings

The information below provides instructions and items that can be configured for on-premise audit logging.

Access Controller Administration Console

The below actions require accessing the Controller Administration Console.

  1. Log in to the console.
    1. Following the instructions in the 'Accessing the Controller Administration Console' page, or
    2. Logging in to http:<controller-hostname>:8080/controller/admin.jspor https:<controller-hostname>:443/controller/admin.jsp with the root password.
  2. Select the Controller Settings tab and continue as instructed below:

Configure Audit Logging

Audit logging is enabled by default. To disable audit logging, set the audit.enabled value flag to false

Configure Persistence of State-change Data

Persistence of state-change data in database and audit log files is enabled by default and can only be disabled through the Controller Administration Console. 

Disabling persistence of state-change data excludes those details from the Controller audit schedule reports and audit log history.

To disable, set the audit.log.changes.persisted value flag to false.

Retain Audit Logs

The Controller retains audit logs for 720 hours by default. To adjust the retention period, set the audit.log.retention.period value parameter. 

Retrieve Log Files

You can retrieve log files for the Controller and Events Service through the Enterprise Console. If you are not yet familiar, please see the Enterprise Console documentation.

  1. On the Controller or Events Service page, expand More options.
  2. Click Retrieve Log to start a Retrieve Log job.
  3. Once completed, the Controller or Events Service log files will be saved as a .zip file to /home/appdynamics/appdynamics/platform/platform-admin on the Enterprise Console host.
    1. The file includes AppServer, Reports Service, and DB logs.

You can also run one of the following commands on the Enterprise Console host:

bin/platform-admin.sh submit-job --service <controller or events-service> --job retrieve-log --platform-name <name_of_the_platform>

SaaS

Retrieve SaaS Controller Audit Log Report

The SaaS Controller Audit Log Report is sent by email according to the addresses added to the configurations page. This report captures the following information:

  • User logins and information changes

  • Controller configuration changes

  • Application properties and object changes such as policies, health rules, and entities listed in the above table.

  • Environment properties changes

AppDynamics supports PDF, JSON, and CSV output formats.

Default Audit Log Configuration Settings

This table shows default settings for your SaaS controller. Please contact your AppD account manager to edit these settings.

Name

Description

Value
audit.enabled

Enable or disable audit logging

true
audit.log.changes.persisted

Enable or disable audit log state change data persistence

true
audit.log.file.count

Number of log files for rotation once exceeding size limit.

1
audit.log.file.enabled

Enable logging audit information into a file.

true
audit.log.file.location

Audit log file locations <empty value means $CONTROLLER_HOME/logs/audit.log>


audit.log.file.size

Maximum log file size (in Bytes) for audit logging.


audit.log.retention.period

Audit log retention period in hours. (30 days)

720

Be aware that AppD only retains Controller Audit Logs for a period of 30 days. If you wish to retain them longer, contact your account manager or download your scheduled reports on a regular basis.

Create a Controller Audit Scheduled Report

You must have account-level permissions to view and configure scheduled reports. See account-level permissions.

You can create new, duplicate existing, or modify current reports as well as set an email delivery schedule to a defined list of recipients. You can also choose the Send Report Now right-click option for an immediate look at the audit details. Review the Reports documentation for more details on other types of reporting.

The Controller Audit reports on the following attributes:

Date and time range

ObjectType

UserName

ObjectName

AccountName

ApiKeyId (if applicable)

Action

ApiKeyName (if applicable)

ApplicationName


Use this report to view changes made to the user information, controller configuration, and application properties. 

  1. Click Dashboards & Reports > Reports > Add Report.

  2. Enter Report Title and Report Subtitle.

    1. Tip:  You can label a report CONFIDENTIAL using Report Subtitle.

    2. Optionally, select Show Title Page to include a title page at the beginning of your report file.

  3. Select Report Type > Controller Audit to define the fields in the Reports Data tab.

  4. Set the time ranges. You can create and manage custom time range if required.

    1. Note:  Custom time range options are available for all the Report Types.

  5. Select your report file format as PDF, JSON, or CSV.

    1. Optionally, uncheck the Show Diff box to remove the Object Changes column from your report file.

  6. Choose the data to include or exclude from the drop-down list.

    1. Repeat as necessary with the following options:

  7. Enter the attribute value

  8. Click +Add.

Controller Audit History API

You can retrieve Controller audit history through the ControllerAuditHistory API method, which returns the configuration and user activities record in a JSON or CSV file for the time range specified. This information is the same as that found in the audit.log file.

Format

GET /controller/ ControllerAuditHistory?startTime=<start-time>&endTime=<end-time>&include=<field>:<value>&exclude=<field>:<value>

Input parameters

Parameter Name
Parameter Type
Value
Mandatory
start-time

Query

Start time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ"

Yes

end-time

Query

End time in the format: "yyyy-MM-dd'T'HH:mm:ss.SSSZ"

Yes

time-zone-id

Query

Time zone

No

include

Query

Restricted information in the Controller audit history

No

exclude

Query

Restricted information in the Controller audit history

No

To control the size of the output, the range between the start-time and end-time cannot exceed twenty-four hours. For periods longer than 24 hours, use multiple queries with consecutive time parameters.

  • Multiple filters of the same type are allowed.

  • The backend API treats include filters with the same <field> with relationship "OR", and filters with different <field> with relationship "AND".

  • There is no direct interaction between include and exclude filters.

  • Each filter needs to be a parameter, e.g. include=filterName1:filterValue1&include=filterName2:filterValue2. See the below examples.

Examples

http://localhost:8080/controller/ControllerAuditHistory?startTime=yyyy-MM-dd%27T%27HH:mm:ss.SSSZ&endTime=yyyy-MM-dd%27T%27HH:mm:ss.SSSZ?include=filterName1:filterValue1&include=filterName1:filterValue1&exclude=filterName1:filterValue1&exclude=filterName1:filterValue1
http://localhost:8080/controller/ControllerAuditHistory?startTime=yyyy-MM-dd%27T%27HH:mm:ss.SSSZ&endTime=yyyy-MM-dd%27T%27HH:mm:ss.SSSZ?include=filterName1:filterValue1&include=filterName1:filterValue1&exclude=filterName1:filterValue1&exclude=filterName1:filterValue1
curl --user user1@customer1:welcome "http://demo.appdynamics.com:8090/controller/ControllerAuditHistory?startTime=2015-12-19T10:50:03.607-0700&endTime=2015-12-19T17:50:03.607-0700&timeZoneId=America%2FSan%20Francisco&include=userName:user1&include=action:LOGIN&exclude=accountName:system&exclude=action:OBJECT_UPDATE"
[{"timeStamp":1450569821811,"auditDateTime":"2015-12-20T00:03:41.811+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570234518,"auditDateTime":"2015-12-20T00:10:34.518+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"LOGIN"},{"timeStamp":1450570273841,"auditDateTime":"2015-12-20T00:11:13.841+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_CREATED","objectType":"AGENT_CONFIGURATION"},
...
{"timeStamp":1450570675345,"auditDateTime":"2015-12-20T00:17:55.345+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"OBJECT_DELETED","objectType":"BUSINESS_TRANSACTION"},{"timeStamp":1450570719240,"auditDateTime":"2015-12-20T00:18:39.240+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action":"APP_CONFIGURATION","objectType":"APPLICATION","objectName":"ACME Book Store Application"},{"timeStamp":1450571834835,"auditDateTime":"2015-12-20T00:37:14.835+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1","action
 
curl --user user1@customer1:welcome "http://127.0.0.1:8080/controller/ControllerAuditHistory?startTime=2019-05-28T08:00:03.607-0700&endTime=2019-05-28T11:32:03.607-0700&timeZoneId=America%2FSan%20Francisco&include=applicationName:ACME"
[{"timeStamp":1559066415823,"auditDateTime":"2019-05-28T18:00:15.823+0000","accountName":"customer1","securityProviderType":"INTERNAL","userName":"user1",