Event Format in the Talend Administration Center audit logs - 7.3

Talend Administration Center User Guide

The audit logs are sent following the audit specification:

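public class CustomClass {
	// The method name is illustrative; the audit fields are set in the logging context (MDC).
	public void logAuditEvent() {
		MDC.put(EventFields.USER, "user0");            // who
		MDC.put(EventFields.OPERATION, "create user"); // what: operation
		MDC.put(EventFields.RESOURCE, "user");         // what: resource
		MDC.put(EventFields.RESULT, "success");        // what: result
		...
	}
}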

The audit logs provide the following information:

  • Who: user login

    If the change comes from an Identity Provider, that information is also added to the event.

  • When: timestamps in ISO format (UTC)
  • Where: application name and host name/IP address
  • What: resource, operation, result

A sample log in Talend Log Server is shown below:

{
  "_index": "talendaudit-2018.03.19",
  "_type": "doc",
  "_id": "y8K1PWIB8HccQKv0hq2o",
  "_version": 1,
  "_score": null,
  "_source": {
    "application": "TAC",
    "customInfo": {
      "itemDetail": "Login TAC success - [admin@company.com]",
      "itemUser": "admin@company.com",
      "itemCustomer": "TALEND"
    },
    "service": "",
    "esIndex": "talendaudit-2018.03.19",
    "instance": "DefaultInstance",
    "logTimestamp": "2018-03-19T10:01:53.845Z",
    "logSource": {
      "host.name": "Yang2016-PC",
      "logger.name": "audit.security",
      "host.address": "172.24.38.1"
    },
    "@timestamp": "2018-03-19T10:02:09.285Z",
    "category": "security",
    "threadName": "qtp399653041-112",
    "operation": "login",
    "agentTimestamp": "2018-03-19T10:01:53.860Z",
    "user": "",
    "message": "User admin@company.com login success",
    "headers": {
      "http_connection": "keep-alive",
      "http_host": "192.168.30.202:8057",
      "request_uri": "/",
      "http_version": "HTTP/1.1",
      "http_cache_control": "no-cache",
      "content_length": "643",
      "http_user_agent": "Java/1.8.0_60",
      "http_accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
      "request_method": "POST",
      "http_pragma": "no-cache",
      "content_type": "application/x-www-form-urlencoded",
      "request_path": "/"
    },
    "resource": "user",
    "eventid": "59f9ff26-05a6-4328-826c-c665724046d9",
    "result": "success",
    "priority": "INFO",
    "@version": 1,
    "type": "Audit",
    "audit": "true"
  },
  "fields": {
    "@timestamp": [
      "2018-03-19T10:02:09.285Z"
    ]
  },
  "sort": [
    1521453729285
  ]
}

This log shows the following properties:

  • "application": "TAC"
  • "instance": "DefaultInstance"
  • "user": ""
  • "operation": "login"
  • "resource": "user"
  • "result": "success"
  • "message": "User admin@company.com login success"
  • "customInfo": "itemDetail"
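
The following Python code is an added example, not part of the Talend documentation or product code. It maps an audit hit of the shape shown above to the who / when / where / what view and filters for events whose result is not "success". The function names, the second sample hit with its "failure" value, and the fallback from the empty "user" field to customInfo.itemUser are assumptions made for this example.

```python
from datetime import datetime, timezone

# Constructed sample: the first hit is a trimmed copy of the log shown above;
# the second is invented here, and its "failure" result value is an assumption.
SAMPLE_HITS = [
    {"_source": {
        "application": "TAC", "user": "", "audit": "true",
        "operation": "login", "resource": "user", "result": "success",
        "logTimestamp": "2018-03-19T10:01:53.845Z",
        "customInfo": {"itemUser": "admin@company.com"},
        "logSource": {"host.name": "Yang2016-PC", "host.address": "172.24.38.1"}}},
    {"_source": {
        "application": "TAC", "user": "", "audit": "true",
        "operation": "login", "resource": "user", "result": "failure",
        "logTimestamp": "2018-03-19T10:05:00.000Z",
        "customInfo": {"itemUser": "admin@company.com"},
        "logSource": {"host.name": "Yang2016-PC", "host.address": "172.24.38.1"}}},
]


def normalize(hit):
    """Map one Elasticsearch hit to the who / when / where / what view."""
    src = hit["_source"]
    custom = src.get("customInfo") or {}
    log_source = src.get("logSource") or {}
    # "user" is empty in the sample above, so fall back to customInfo.itemUser
    # (assumption: that field carries the login whenever "user" is blank).
    who = src.get("user") or custom.get("itemUser") or None
    # logTimestamp is ISO 8601 in UTC; attach the zone so comparisons are safe.
    when = datetime.strptime(src["logTimestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return {
        "who": who,
        "when": when.replace(tzinfo=timezone.utc),
        "where": (src.get("application"), log_source.get("host.name"),
                  log_source.get("host.address")),
        "what": (src.get("resource"), src.get("operation"), src.get("result")),
    }


def non_success_events(hits):
    """Return normalized audit events whose result is anything but 'success'."""
    events = [normalize(h) for h in hits if h["_source"].get("audit") == "true"]
    return [e for e in events if e["what"][2] != "success"]


if __name__ == "__main__":
    for event in non_success_events(SAMPLE_HITS):
        print(event["when"].isoformat(), event["who"], event["what"])
```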