Audit Logging

Category: Modules
Subcategory: Tracing

Overview

This module logs all actions within the Mendix application. This makes it possible to track all activity and investigate who did what and when in the system. In addition, this module can also help you analyze and solve bugs. Default included targets are the Mendix log, Splunk and Papertrail. The architecture is set up in such a way that additional targets can be added.

Documentation

Demo urlhttps://www.jam-it.nl/products/jamauditlog/

What is JamAuditLog?
The development of the JamAuditLog has grown organically within JAM-IT. Various customers have requests such as:

  • A audit trail for compliant reasons
  • Who is responsible for which change?

This module offers more than just the basics: logging actions by a user within an application. The main purpose of JamAuditLog is to be compliant with audit logging. By enabling audit logging, you can track all activity and investigate who did what and when in the system. In addition, this module also helps you solve and analyze bugs.

Benefits
Do you include this module in your project? Then the JamAuditLog works immediately and no further actions are required. This means that you do not have to change the domain model within Mendix, which saves valuable process time. In addition, the JamAuditTrial is 5x faster than the standard Mendix Audit trial.

What sets the JamAuditLog apart?
The core of the JamAuditLog logs the changes. These changes are sent to a target. You can configure and add any target. The architecture is set up in such a way that additional targets can be added. Decide for yourself where your logging is saved in which system. Do you opt for a logging system such as the Mendix log, Splunk or Papertrail? It is also possible to have the logging of different applications centrally in one system.

All functionalities at a glance

  • Audit logging
    • Create, Change, Delete and AutoCommitDelete
      • For all entities, including:
        • Object GUID
        • Attributes that indicate identity (e.g. Name, ID)
        • Changed attributes
        • Path to source
        • User name
        • User's IP address
  • Does not require any (runtime) configuration
  • Ability to help in resolving AutoCommit errors
  • By default, all entities are included, unless they are excluded (using regular expressions)
  • Logging is written to one or more targets, such as the Mendix log, Splunk and Papertrail.

This version should work completely on a development environment. For production use a license is required. Would you like more information or request a quote? Mail us to info@jam-it.nl or call 06 33 13 94 23.

Installation

  • Import JamAuditLog.mpk
  • Make sure JamAuditLog.AfterStartup is called after startup
  • Multiple target implementations are possible. It is also possible to create your own. Contact us for more information. Included are target implementations for the Mendix log, Papertrail and Splunk. 

Constants

  •     EnableOnLocalhost: Set this constant to false if you do not want to sent log from localhost to the external system.
  •     AuditLoggerConfig: Json configuration file, for example:

{
    "externalConfig": "https://some.where/else.json"
}

or

{
    "logLevel": "WARNING",
    "changeEntityExcludes": [
        "System..*",
        "DeepLink..*"
    ],
    "createEntityExcludes": [
        "System..*",
        "DeepLink..*"
    ],
    "deleteEntityExcludes": [
        "System..*",
        "DeepLink..*"
    ],
    "sensitiveAttributes": [".*password"],
    "implementations": {
        "papertrail": {
            "port": 0,
            "host": "logs.papertrailapp.com",
            "enabled": true
        },
        "splunk": {
            "enabled": true,
            "url": "https://inputs.prd-p-XXXX.splunkcloud.com:8088",
            "token": "xxx"
        },
        "mendixLog": {"enabled": true}
    }
}

Config values

  • logLevel: The level on which the Audit record will be logged.
  • changeEntityExcludes: A regular expression of entity and attribute names to be excluded from the Change action. For example you also want to exclude the PageView entity from the JamCommons module: System..*|JamCommons.PageView
  • createEntityExcludes: A regular expression of entity and attribute names to be excluded from the Create action. For example you also want to exclude the PageView entity from the JamCommons module: System..*|JamCommons.PageView
  • deleteEntityExcludes: A regular expression of entity and attribute names to be excluded from the Delete action. For example you also want to exclude the PageView entity from the JamCommons module: System..*|JamCommons.PageView
  • sensitiveAttributes: A regular expression of attribute names whoos value should remain hidden. For example: .*password


Configuring Papertrail
After creating an account on https://papertrailapp.com you can add a system. Choose 'something else' in the from drop down.
Then scroll down to the bottom of the page and click on 'I need to specially name my system'. 
Choose 'My system's hostname changes' and give it a name. Press save.

Set config values implementations.papertrail:

  • enabled: To enable this implementation set this constant to true.
  • host: You can find the host when you edit your system on papertrailapp.com. It is in the configuration section, copy and paste the part before ':' from 'Logs to'. For example: logs5.papertrailapp.com
  • port: You can find the port when you edit your system on papertrailapp.com. It is in the configuration section, copy and paste the part after ':' from 'Logs to'. For example: 10402


You can find the log under the menu item 'Event'.

Configuring Splunk
After creating an account on https://www.splunk.com you should open Splunk Cloud and check whether the HTTP Event Collector is enabled. (It is enabled by default on Splunk Cloud). Create an Event Collector token on Splunk Cloud. More information can be found on https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/UsetheHTTPEventCollector#Set_up_and_use_HTTP_Event_Collector_in_Splunk_Web.

Set config values implementations.splunk:

  • enabled: To enable this implementation set this constant to true.
  • token: Token used to authenticate to Splunk. You can find the token value in the HTTP Event Collector on Splunk Cloud.
  • url: Endpoint of the Splunk HTTP Event Collector. You can be found the url in the address bar of Splunk Coud. The standard port number 8088 is used. For example: https://inputs.prd-p-XXXX.splunkcloud.com:8088

You can find the log by navigate to 'Search & Reporting' from Splunk Cloud home page.
In the search bar, you can search for 'sourcetype="httpevent"' or 'source = http:{NameOfTheToken}' to find the desired log.
Details of the log can be find by click the '+' icon to expand the message. You also have a option to 'Show as raw text' for each event.

Known limitations

  • The Path of an action triggered from an button with event 'Save changes' or 'Delete' will be empty.
  • Actions will not recorded when a 'Commit without events' is used.

Releases

Version: 1.0.1
Framework Version: 9.0.5
Release Notes: Security update for Java library com.google.code.gson
Version: 1.0.0
Framework Version: 9.0.5
Release Notes: - Initial release