Enabling and configuring the audit capability in MDM

You can enable and configure the audit capability in MDM to ensure the audit events are tracked and recorded properly.

For more information about the audit function, see the section on audit logs of Talend Administration Center User Guide.

Procedure

Browse to the file <$INSTALLDIR>/conf/mdm.conf and open it.

Set the property related to the audit capability to the exact path to the audit logging configuration file talend.logging.audit.config=${mdm.root}/conf/audit.properties.

Audit events include the following:

Category	Audit events
Security (authentication)	A user logs in to the web user interface successfully. A user fails to log in to the web user interface. For example, a wrong username or password is used. A user logs out of the web user interface.
Activity (data model)	A data model is deployed. A data model is undeployed. If the deployed data model has a match rule attached to it, the match rule will have its own audit log.
Activity (view)	A view is deployed. A view is undeployed.
Activity (custom role)	A custom role is created and deployed. A custom role is modified and deployed. An existing custom role is undeployed. A custom role is assigned to a user. A custom role is revocated from a user.

Under certain circumstances, for example during migration, you may want to avoid generating audit events. To disable the audit capability, comment out the property talend.logging.audit.config.

Browse to the file <$INSTALLDIR>/conf/audit.properties and open it.

Configure the audit logging properties according to your needs.

You can choose to use all of the log appenders (file and http) or only one of them.

For more information about the audit events, see Generic properties of an MDM audit event.

Property	Description
log.appender=http	The log entries will be sent through HTTP requests. You need to specify the URL and the access credentials (if any). For example: `appender.http.url=http://localhost:8057/ #appender.http.username=talendlogs #appender.http.password=tpsvclogs` You can check the audit events later by accessing the log service platform `http://[log server address]:5601` and selecting talendaudit* from the Dashboard list in the upper left corner.
log.appender=file	The log entries will be placed into a JSON file. In most cases there should be a Filebeat instance picking up new messages and sending them to Logstash. You need to specify the exact path to the file, the maximum size of the file (once exceeded, a new backup file will be created), and the maximum number of backup files allowed in one day. For example: `appender.file.path=${mdm.root}/logs/audit.log appender.file.maxsize=52428800 appender.file.maxbackup=20`

Property

Description

log.appender=http

The log entries will be sent through HTTP requests.

You need to specify the URL and the access credentials (if any). For example:

appender.http.url=http://localhost:8057/
#appender.http.username=talendlogs
#appender.http.password=tpsvclogs

You can check the audit events later by accessing the log service platform http://[log server address]:5601 and selecting talendaudit* from the Dashboard list in the upper left corner.

log.appender=file

The log entries will be placed into a JSON file. In most cases there should be a Filebeat instance picking up new messages and sending them to Logstash.

You need to specify the exact path to the file, the maximum size of the file (once exceeded, a new backup file will be created), and the maximum number of backup files allowed in one day. For example:

appender.file.path=${mdm.root}/logs/audit.log
appender.file.maxsize=52428800
appender.file.maxbackup=20

Save your changes into the file.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here