Audit Events Configuration
Prophecy offers robust support for storing audit events (logs) on two of the industry's leading cloud object stores: AWS S3, Azure Blob Storage, GCP Cloud Storage or even local persistent volume (PV). Leveraging the capabilities of these object stores, Prophecy seamlessly synchronizes and persistently stores audit events. This not only ensures the secure retention of crucial data but also facilitates streamlined tracking and in-depth analysis of user interactions and activities for enhanced operational insights.
⚠️ Certain object store level configurations are shared with backup restore configurations. Make sure to configure the object store level configurations before proceeding below.
Usecase
- The overarching objective is to comprehensively track and log every user-level action.
- All user actions will be meticulously recorded and stored, enabling easy retrieval from a persistent storage or object store, particularly when an audit is required.
- To achieve this, each user action will be meticulously tracked and written into designated database tables.
- The data accumulated in these database tables will be periodically transferred and pushed to an object store for efficient storage and management.
Configuration
There are certain environment variables that need to be configured in Athena based on the kind of user events audit logs required.
Navigating to the Audit config UI
To configure object store settings in the Prophecy UI, follow these steps:
- Log in to the Prophecy UI as an admin user.
- Click on the
three dotsat the bottom left corner and select thesettings iconfrom the submenu. - Navigate to the
Adminmain tab. - Within the Admin main tab, access the
Configsub tab. - Finally, click on the
auditConfigsub tab to configure the audit settings.
JSON format
Below are JSON configurations within the Prophecy UI that need to be enabled to support this functionality. You will have to configure only the options which you require. Please make sure to maintain a JSON format mentioned below while configuring the different options.
{
"disableUeventsGC": false,
"enableUserEvents": false,
"ueventsGCSchedule": "0 0 1 * * *",
"ueventsSchedule": "0 0 */1 * * *"
}
Supported Configuration Variables
| Configuration variable name | Description | Default value |
|---|---|---|
disableUeventsGC | Garbage collection of user events from local DB is enabled by default once the events have been pushed to upstream object store. Set this to true to disable this garbage collection to retain this data locally as well. Please note that setting this to true could potentially result in a very large DB size. | false |
enableUserEvents | Set to true to enable user event audit logs | false |
ueventsSchedule | How frequently to push user events to object store. Defaults to every one hour. Uses 6-digit CRON | 0 0 */1 * * * |
ueventsGCSchedule | How frequently to purge old user events from the internal database. Defaults to daily 1 am. Uses 6-digit CRON | 0 0 1 * * * |
To enable user events audit logs
- Set
enableUserEventstotrue - Set
ueventsScheduleto the CRON string for how frequently you'd like user events pushed to the object store. - Set
ueventsGCScheduleto the CRON string for how frequently you'd like old user events removed from the database. PVC Mount point with storage |/backup|
User events audit logs output
By default pushes events to /namespace/audit/ directory in the S3 bucket configured.
Sample output of user audit logs
{"opType": "Query", "createdAt": 1690610557857, "nameHints": ["User"], "userEmail": "prophecy-system@prophecy.io", "customerName": "prophecy.io", "responseCode": 200, "requestParams": {"email": "\"adminuser@prophecy.io\""}, "requestPayload": "[\"_id\",\"name\",\"firstName\",\"lastName\",\"email\",\"created\",\"createdBy\",\"aspects(aspect:[Info]){AspectName AspectValue}\"]", "latencyInMillis": 11}
{"opType": "Query", "createdAt": 1690552930350, "nameHints": ["ProjectReleaseByProjectIdAndStatus"], "userEmail": "prophecy-system@prophecy.io", "customerName": "prophecy.io", "responseCode": 200, "requestParams": {"statuses": "[Pending,Running,Retrying]"}, "requestPayload": "[\"_id\",\"releaseTag\",\"status\",\"attempt\",\"createdBy\",\"project{_id name}\"]", "latencyInMillis": 5}
{"opType": "Query", "createdAt": 1690610557967, "nameHints": ["User"], "userEmail": "prophecy-system@prophecy.io", "customerName": "prophecy.io", "responseCode": 200, "requestParams": {"email": "\"adminuser@prophecy.io\""}, "requestPayload": "[\"_id\",\"name\",\"firstName\",\"lastName\",\"email\",\"created\",\"createdBy\",\"aspects(aspect:[Info]){AspectName AspectValue}\"]", "latencyInMillis": 10}