Skip to main content

Audit trails

The information provided in an Audit Trail can be leveraged for user accountability, reconstruction of events, intrusion detection, and other operational issues. As such, Audit Trails are an indispensable tool for regulatory compliance (e.g. SOX).

For operations performed by users with Operator privileges or above, the Compose for Data Warehouses Audit Trail shows which user performed the operation, when it was performed, and on which objects.

Compose for Data Warehouses retains audit files for two weeks or until they reach a total size of 500 MB (50 files). You can change these settings through the command line interface (CLI) as described in Downloading an Audit Trail file below.

Audit Trail files are located in the following folder:

<Installation_Directory>\data\AuditTrail\audit_service

You can also download an audit trail file (in CSV format) for a specific time range, as described in Downloading an Audit Trail file.

Audit Trail information

Audit Trail files provide all or some of the following information:

  • Timestamp - The time when the row was inserted into the Audit Trail.
  • User - The user that performed the operation.
  • Node - The IP of the server on which the operation was performed.
  • Requested Action - The API method/function that was called.
  • Required Permission - The minimum role of the user that can perform the operation.
  • Effective Permission - The actual role of the user that performed the operation.
  • Security Result - Whether the user is allowed to perform the operation.
  • Action Result - The completion status of the operation (success of failure).
  • Error Message - The error message if the operation failed.
  • Task - The name of the task where relevant.
  • Notification - The notification defined for the operation (if defined).
  • Payload - A URL. To view payload information, simply copy the link from the Payload column and paste it into your browser's address bar.

    Payloads for some operations (e.g. RegisterLicense) contain sensitive information and need to be decoded. For information on decoding payloads, see Decoding an encoded payload.

  • Project Name - The name of the Compose for Data Warehouses project.

Audit Trail files are compressed and tamper-protected.

Downloading an Audit Trail file

You can download an audit trail file with a record of activity for a specific time range.

  1. From the Management drop-down menu, select Audit Trail. The Audit Trail window opens.

  2. From the Time Range drop-down list, select the desired time range. If you select Custom, set From and To values as well.
  3. Click Generate.

Depending on your browser settings, you will either be prompted for a download location or the file will be downloaded automatically to your preferred location.

Configuring Audit Trail size and retention

  1. Open a command prompt and change the working directory to:

    ><COMPOSE_INSTALL_DIR>\bin>

    Default:

    >C:\Program Files\Attunity\Compose for Data Warehouses\bin>

  2. Run the following command:

    >ComposeCli.exe connect

    The following message should be displayed:

    >ComposeForDataWarehouses Control Program completed successfully.

  3. Run the following command:

    >ComposeCli.exe audit_trail control --age weeks --size megabytes

    Where:

    • weeks is the number of weeks to retain the audit trail file (default 2 weeks).

    • megabytes is the maximum size of the audit file to retain (default 500 MB).

Decoding an encoded payload

Some audit records (e.g. RegisterLicenses) may contain an encoded payload. Encoded payloads are displayed as byte arrays and need to be decoded using Base64.

  1. Locate the payload URL in the audit record.

    Example payload URL, available in audit record in the cell marked 'Payload'

  2. Copy the URL into your browser's address bar and press [Enter]. A byte array will be displayed.

    Example byte array available after $type Byte $value

  3. Copy the byte array into a Base64 decoder and decode it.