36.1.1Audit Log Endpoint

 

The Audit Log endpoint can be used to inspect the system audit log.

36.1.2Fetch Audit Log

 
This method requires the VIEW_AUDIT_LOG permission.

This method will return summary information about the audit log, including timestamps, type codes, user id, etc.


To invoke:

GET http://localhost:9000/audit-log

You may also add the following URL parameters:

  • moduleId=[string] – the name of the audit module (default: clustermgr)
  • userId=[int] – the Id of the user
  • from=[date] – the inclusive start range time (in FHIR dateTime format)
  • to=[date] – the inclusive end range time (in FHIR dateTime format)
  • pageIndex=[int] – the page number to return
  • pageSize=[int] – the number of rows to return per page

The server will produce a response resembling the following:

{
  "pageIndex": 0,
  "pageSize": 0,
  "audit-events": [
    {
      "endpointModuleId": "admin_web",
      "endpointNodeId": "Master",
      "id": 53,
      "userModuleId": "local_security",
      "userNodeId": "Master",
      "remoteAddress": "0:0:0:0:0:0:0:1",
      "timestamp": "2017-10-06T17:05:59.942-04:00",
      "typeCode": "USERMGR_CREATE_USER",
      "typeDisplay": "Create a new user",
      "typeSystem": "https://smilecdr.com/ns/CodeSystem/CdrAuditEvents",
      "familyName": "Admin",
      "givenName": "GenericUser",
      "userId": 2,
      "username": "ADMIN"
    }]

}

For brevity only 1 event is shown but a real response might contain many more.

Note the following details:

  • "typeCode": "ADMINWEB_LOGIN" – this code gives the type of audit event;

36.1.3Fetch Individual Event

 
This method requires the VIEW_AUDIT_LOG permission.

This method will return the details of a given audit log, including request URL, detailed timing information, and request/response bodies for some audit types. Note this information may have special privacy and security implications so you should consider carefully before exposing this data.


To invoke (substitute an event ID into the path below):

http://localhost:9000/audit-log/event/{audit_event_id}

You may also add the following URL parameter:

  • includeBody=true – by default the request/response body is not included in the response. You can override this behaviour by using this parameter.

The server will produce a response resembling the following:

{
  "endpointModuleId": "admin_web",
  "endpointNodeId": "Master",
  "id": 52,
  "userModuleId": "local_security",
  "userNodeId": "Master",
  "remoteAddress": "0:0:0:0:0:0:0:1",
  "timestamp": "2017-10-06T17:05:01.898-04:00",
  "typeCode": "ADMINWEB_LOGIN",
  "typeDisplay": "Log into the Web Admin Console",
  "typeSystem": "https://smilecdr.com/ns/CodeSystem/CdrAuditEvents",
  "familyName": "Admin",
  "givenName": "GenericUser",
  "userId": 2,
  "username": "ADMIN"
}