Logging, auditing, monitoring
Access logs
It is recommended to deploy the platform behind a proxy and let this proxy log access logs, for example Nginx (default when deploying with Docker).
Service audit logging
The system uses log4j to produce logs. These logs can be configured to be written to disk or sent to a remote log collection service in a properties file and then instruct the Convier agent to use these properties by adding -Dlog4j.configuration=file:<created file>
to the command line argument, before the -jar flag.
Audit logs
System logs high level event types, refereed to as audit events. These audit events include, with parameters. (All events include datetime and event type, access logs also include user IP address, audit logs include user ID).
- Data search: The user queries the API for data.
- Request Query and filter payload
- Result object IDs
- Load object by id: The user loads fragments for one or more objects
- Request object IDs
- Request fragment roles
- Fragment write: The user adds one or more data fragments to the object
- Request object ID
- Request fragment IDs
- Fragment delete: The user removes a fragment from an object
- Request object ID
- Request fragment IDs
- Was success
- Share artifact: A user creates a sharable artifact
- Project ID
- Artifact ID
- Artifact type (graph, etc.)
- Delete artifact: An artifact owner deleted the artifact
- Project ID
- Artifact ID
- Create project: A user created a project
- Project ID
- Delete project: A project owner deleted a project
- Project ID
- Create access key: An owner of a project creates an access key
- Project ID
- Access key name / User group
- Remove access key: An owner of a project removes an access key
- Project ID
- Access key name / User group