Smile CDR v2023.02.PRE
On this page:

24.1Audit Log


The Smile CDR audit log is responsible for creating a record of user access to the system, including:

  • Accesses (both read and write) to the FHIR Endpoints
  • Accesses (both read and write) to the Web Admin Console and JSON Admin API
  • User authentication against security endpoints
  • Configuration changes

The responsibility of the audit log is to bind these events to a specific user account. Note that user accounts marked as a Service Account will not generate audit log entries.

The audit log is a part of the Smile CDR Cluster Manager module, and runs on every node in a cluster. Configuration for the cluster manager is stored in the Node Configuration Properties File.

24.1.1Audit Log Configuration


The following properties may be used to control the Audit Log.

  • audit_log.db.enabled – Controls whether the audit log will be written to the database. The default value is true. If set to false, no new entries will be written to the database (existing entries are not deleted simply by modifying this setting).
  • – Controls whether the audit log will be written to a message broker queue named smilecdr-audit. The default value is false. If set to true, all audit log entries will be written to the queue. If the Smile CDR Message Broker is Kafka, then the audit messages are written to a topic called smilecdr.audit.
  • audit_log.request_headers_to_store – Controls which request headers Smile CDR will extract and store along with the audit event. If left empty, no headers will be stored.

24.1.2Disabling the Audit Log


The following snippet may be added to your configuration properties file to completely disable the audit log.


24.1.3Broker Audit Log


Audit log messages written to the queue or topic have a format similar to the following example:

  "endpointModuleId" : "fhir_endpoint",
  "endpointNodeId" : "unit_test_node",
  "remoteAddress" : "",
  "targetModules" : [ ],
  "targetResources" : [ {
    "persistenceModuleModuleId" : "persistence",
    "persistenceModuleNodeId" : "unit_test_node",
    "resourceId" : "Patient/1",
    "resourceVersion" : 1
  } ],
  "targetUsers" : [ ],
  "timestamp" : "2019-11-18T11:08:36.479-05:00",
  "typeCode" : "FHIR_VREAD",
  "typeDisplay" : "FHIR Resource Instance Read (Version-specific)",
  "typeSystem" : "",
  "username" : "ADMIN",
  "userModuleId" : "local_security",
  "userNodeId" : "unit_test_node",
  "authenticatedUserType" : "USER"