Enabling and configuring the audit capability in MDM - 8.0

Talend Installation Guide

Version
8.0
Language
English
Operating system
Windows
Subscription type
Subscription
Product
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Activity Monitoring Console
Talend Administration Center
Talend Artifact Repository
Talend CommandLine
Talend Data Preparation
Talend Data Stewardship
Talend ESB
Talend Identity and Access Management
Talend Installer
Talend JobServer
Talend LogServer
Talend MDM Server
Talend MDM Web UI
Talend Runtime
Talend SAP RFC Server
Talend Studio
Content
Installation and Upgrade
Last publication date
2022-10-30
Available in...

Data Fabric

MDM Platform

You can enable and configure the audit capability in MDM to ensure the audit events are tracked and recorded properly.

For more information about the audit function, see Audit logs.

Procedure

  1. Browse to the file <$INSTALLDIR>/conf/mdm.conf and open it.
  2. Set the property related to the audit capability to the exact path to the audit logging configuration file talend.logging.audit.config=${mdm.root}/conf/audit.properties.
    Audit events include the following:

    Category

    Audit events

    Security (authentication)

    • A user logs in to the web user interface successfully.

    • A user fails to log in to the web user interface. For example, a wrong username or password is used.

    • A user logs out of the web user interface.

    Activity (data model)

    • A data model is deployed.

    • A data model is undeployed.

    If the deployed data model has a match rule attached to it, the match rule will have its own audit log.

    Activity (view)

    • A view is deployed.

    • A view is undeployed.

    Activity (custom role)

    • A custom role is created and deployed.
    • A custom role is modified and deployed.
    • An existing custom role is undeployed.
    • A custom role is assigned to a user.
    • A custom role is revocated from a user.
    Under certain circumstances, for example during migration, you may want to avoid generating audit events. To disable the audit capability, comment out the property talend.logging.audit.config.
  3. Browse to the file <$INSTALLDIR>/conf/audit.properties and open it.
  4. Configure the audit logging properties according to your needs.
    You can choose to use all of the log appenders (file and http) or only one of them.

    For more information about the audit events, see Generic properties of an MDM audit event.

    Property

    Description

    log.appender=http

    The log entries will be sent through HTTP requests.

    You need to specify the URL and the access credentials (if any). For example:

    appender.http.url=http://localhost:8057/
    #appender.http.username=talendlogs
    #appender.http.password=tpsvclogs

    You can check the audit events later by accessing the log service platform http://[log server address]:5601 and selecting talendaudit* from the Dashboard list in the upper left corner.

    log.appender=file

    The log entries will be placed into a JSON file. In most cases there should be a Filebeat instance picking up new messages and sending them to Logstash.

    You need to specify the exact path to the file, the maximum size of the file (once exceeded, a new backup file will be created), and the maximum number of backup files allowed in one day. For example:

    appender.file.path=${mdm.root}/logs/audit.log
    appender.file.maxsize=52428800
    appender.file.maxbackup=20
  5. Save your changes into the file.