On this page:

13.1Audit Log

 

The Smile CDR audit log is responsible for creating a record of user access to the system, including:

  • Accesses (both read and write) to the FHIR Endpoints
  • Accesses (both read and write) to the Web Admin Console and JSON Admin API
  • Configuration changes

The responsibility of the audit log is to bind these events to a specific user account. Note that user accounts marked as a Service Account will not generate audit log entries.

The audit log is a part of the Smile CDR Cluster Manager module, and runs on every node in a cluster. Configuration for the cluster manager is stored in the Node Configuration Properties File.

Audit Log Configuration

Enabling/Disabling the Audit Log

  • audit_log.db.enabled – Controls whether the audit log will be written to the database. The default value is true. If set to false, no new entries will be written to the database (existing entries are not deleted simply by modifying this setting).
  • audit_log.broker.enabled – Controls whether the audit log will be written to a message broker queue named smilecdr-audit. The default value is false. If set to true, all audit log entries will be written to the queue. If the Smile CDR Message Broker is Kafka, then the audit messages are written to a topic called smilecdr.audit.

Audit log messages written to the queue or topic have a format similar to the following example:

{
  "endpointModuleId" : "fhir_endpoint",
  "endpointNodeId" : "unit_test_node",
  "remoteAddress" : "127.0.0.1",
  "targetModules" : [ ],
  "targetResources" : [ {
    "persistenceModuleModuleId" : "persistence",
    "persistenceModuleNodeId" : "unit_test_node",
    "resourceId" : "Patient/1",
    "resourceVersion" : 1
  } ],
  "targetUsers" : [ ],
  "timestamp" : "2019-11-18T11:08:36.479-05:00",
  "typeCode" : "FHIR_VREAD",
  "typeDisplay" : "FHIR Resource Instance Read (Version-specific)",
  "typeSystem" : "https://smilecdr.com/ns/CodeSystem/CdrAuditEvents",
  "username" : "ADMIN",
  "userModuleId" : "local_security",
  "userNodeId" : "unit_test_node",
  "authenticatedUserType" : "USER"
}