Auditing Overview

Fabric has a robust Auditing mechanism that logs various activities running in Fabric. These can be logins, Web Service calls, and various Fabric commands.

Two major Auditing functionalities can be controlled:

  • Filtering strategies: this strategy provides full flexibility over the type of activities that are introduced to the Auditing mechanism. For example, you can audit the Web Service calls only. This flexibility does not impact the performance of other activities, and can save a great deal of disk space.
  • Persistence strategies: this strategy defines the channel for reporting the activities logged by the Auditing mechanism. For example, the channel can be via Cassandra (default), Kafka, files, etc.

The Auditing mechanism can be configured via the [audit] and [audit_kafka_producer] sections of the config.ini. By default, the persistence strategy is Cassandra, and the data is written into the k2_auditing table of the k2audit keyspace.

Auditing Reporting Structure

When an activity is logged by the Fabric Auditing mechanism, it has the following structure:

Name Description Example
action Type of activity performed in Fabric LOGIN, GetCommand, called Web-Service name, etc.
date Activity date 2020-11-05
user Fabric User ID admin, etc...
written_at Activity date and timestamp 2020-11-05 11:49:14.452000+0000
address IP address of the node where the activity is performed. In http/https protocol this appears as a concatenation of the IP address:port 10.21.1.1 or 10.21.1.1:3213
params Activity parameters For a GetCommand [DC_NAME=null|LU_NAME=CRM|IID=1]
protocol Contains the protocol used for the activity, valid values, HTTP/1.1, HTTPS/1.3 or DRIVER or JDBC driver DRIVER
query Activity details like a CQL query for a CQLCommand, a DESCRIBE SCHEMA CRM for a DescribeCommand, or the authentication provider for the LOGIN action. SELECT * FROM CRM.SUBSCRIBER
result Number of affected rows Rows Affected: 3
session_id Session ID 73ae6592

For example, when the user performs login and authentication to the Web Framework, the activity is audited as follows:

  • Action = LOGIN
  • Protocol = HTTP/1.1
  • Query = LDAP/SAML/FABRIC

When the user performs login to the Fabric console, it is audited as follows:

  • Action = LOGIN
  • Protocol = DRIVER
  • Query = LDAP/FABRIC

Logouts are not audited.

Click for more information about the User Identification and Access Management Auditing.

Turning Auditing On/Off

By default, Auditing is set to OFF. To enable Auditing in Fabric, set AUDIT=ON in the config.ini file and then restart Fabric.

Auditing Overview

Fabric has a robust Auditing mechanism that logs various activities running in Fabric. These can be logins, Web Service calls, and various Fabric commands.

Two major Auditing functionalities can be controlled:

  • Filtering strategies: this strategy provides full flexibility over the type of activities that are introduced to the Auditing mechanism. For example, you can audit the Web Service calls only. This flexibility does not impact the performance of other activities, and can save a great deal of disk space.
  • Persistence strategies: this strategy defines the channel for reporting the activities logged by the Auditing mechanism. For example, the channel can be via Cassandra (default), Kafka, files, etc.

The Auditing mechanism can be configured via the [audit] and [audit_kafka_producer] sections of the config.ini. By default, the persistence strategy is Cassandra, and the data is written into the k2_auditing table of the k2audit keyspace.

Auditing Reporting Structure

When an activity is logged by the Fabric Auditing mechanism, it has the following structure:

Name Description Example
action Type of activity performed in Fabric LOGIN, GetCommand, called Web-Service name, etc.
date Activity date 2020-11-05
user Fabric User ID admin, etc...
written_at Activity date and timestamp 2020-11-05 11:49:14.452000+0000
address IP address of the node where the activity is performed. In http/https protocol this appears as a concatenation of the IP address:port 10.21.1.1 or 10.21.1.1:3213
params Activity parameters For a GetCommand [DC_NAME=null|LU_NAME=CRM|IID=1]
protocol Contains the protocol used for the activity, valid values, HTTP/1.1, HTTPS/1.3 or DRIVER or JDBC driver DRIVER
query Activity details like a CQL query for a CQLCommand, a DESCRIBE SCHEMA CRM for a DescribeCommand, or the authentication provider for the LOGIN action. SELECT * FROM CRM.SUBSCRIBER
result Number of affected rows Rows Affected: 3
session_id Session ID 73ae6592

For example, when the user performs login and authentication to the Web Framework, the activity is audited as follows:

  • Action = LOGIN
  • Protocol = HTTP/1.1
  • Query = LDAP/SAML/FABRIC

When the user performs login to the Fabric console, it is audited as follows:

  • Action = LOGIN
  • Protocol = DRIVER
  • Query = LDAP/FABRIC

Logouts are not audited.

Click for more information about the User Identification and Access Management Auditing.

Turning Auditing On/Off

By default, Auditing is set to OFF. To enable Auditing in Fabric, set AUDIT=ON in the config.ini file and then restart Fabric.