Configuring the Audit Log

Egeria’s audit log provides a configurable set of destinations for audit records and other diagnostic logging for an OMAG Server. Some destinations also support a query interface to allow an administrator to understand how the server is running.

If the server is a development or test server, then the default audit log configuration is probably sufficient. This is the just the console audit log destination. Using this option overrides all previous audit log destinations.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations/default

If this server is a production server then you will probably want to set up the audit log destinations explicitly. You can add multiple destinations and each one can be set up to process specific severities of log records. These severities are provided as a list of strings in the request body of the command. The audit log severities are as follows:

If an empty list is passed as the request body then all severities are supported by the destination.

The command below adds the console audit log destination. This writes selected parts of each audit log record to stdout.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations/console
{ supported severities }

The next command adds the slf4j audit log destination. This writes full log records to the slf4j ecosystem.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations/slf4j
{ supported severities }

The next command adds an audit log destination that creates log records as JSON files in a shared directory.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations/files
{ supported severities }

The next command adds an audit log destination that sends each log record as an event on the supplied event topic. It assumes that the event bus is set up first.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations/event-topic
{ supported severities }

The next command sets up an audit log destination that is described though a Connection. The connection is passed in the request body. The supported severities can be supplied in the connection’s configuration properties.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations/connection
{ connection }

The following command clears the list of audit log destinations from the configuration enabling you to add a new set of audit log destinations.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations/none

It is also possible to set up the audit log destinations as a list of connections. Using this option overrides all previous audit log destinations.

POST {serverURLRoot}/open-metadata/admin-services/users/{adminUserId}/servers/{serverName}/audit-log-destinations
{ list of connections }

License: CC BY 4.0, Copyright Contributors to the ODPi Egeria project.