
Audit trail

Audit trail provides access to a history of all events and procedures executed on your system. It gives insight into system information and system integrity, and is used for many purposes, including compliance, records of changes to the system (including user access), and investigation of anomalous system or user behavior.

The following actions are logged as part of the audit trail:

  • Authentication events (Success & Denied) for system access points (Qlik NPrinting Web Admin, NewsStand, API)
  • Qlik NPrinting web administration system configuration

    (Create, update and delete events for Qlik NPrinting entities and settings. This includes events from import functions for users and filters, Qlik NPrinting 16 projects and Qlik NPrinting reports.)

  • Qlik NPrinting report execution outcome (Who, Where)
    Inclusive of scheduled and On-Demand reports
  • NewsStand events

Installed files

Qlik NPrinting audit database

A separate dedicated database for audit logging is created with Qlik NPrinting Server. This database is created by default with a dedicated user and a randomly generated password. The database is deleted when Qlik NPrinting is uninstalled, so the data needs to be exported before uninstalling if you want to maintain the archive.

Qlik NPrinting audit service

The Qlik NPrinting audit service is installed with Qlik NPrinting Server. The service must be active to write logs to the Qlik NPrinting audit database. If it fails to write data to the database, the service writes errors to the log file located at %PROGRAMDATA%\NPrinting\Logs\nprinting_audit.log.

Using the Audit trail

Audit trail logs are consumed via the public REST API https://ServerName:4993/api/v1/audit/logs, which provides the data as tab-separated text files.

Do the following:

  1. Open the Qlik NPrinting web console in your browser.

  2. Log in as a user that has a role with Audit rights.

    See: Managing roles

  3. Replace ServerName with the name of your server in https://ServerName:4993/api/v1/audit/logs, then paste the URL into your browser.

    A text file will start downloading. The fields in the file are separated by tabs.

  4. You can open the file in a text editor, import to Excel, or upload it to a Qlik Sense app.

Filtering Audit trail data

Audit trail data can be filtered via API by:

  • date

  • app id

  • user id

  • target

  • target id

  • data type

The resulting CSV contains only filtered rows. All fields are string types. Field names are case sensitive.

Filter fields

| Field | Description | Example |
|---|---|---|
| start | The start date and time in the format: yyyy-mm-ddThh:mm:ssZ | /api/v1/audit/logs?start=2020-10-09T14:53:32Z |
| Target | The target name to filter on. | /api/v1/audit/logs?target=NewsstandReport |
| TargetId | The ID of the target to filter on. | /api/v1/audit/logs?targetId=b6ae90de-c8ec-4e66-ad6f-d9f71eeec2b2 |
| AppId | The ID of the app to filter on. | /api/v1/audit/logs?appId=ab53ef11-3cdc-45af-9403-b788eba2b004 |
| UserId | The ID of the user to filter on. | /api/v1/audit/logs?userId=ffe2a664-5698-4189-a989-bc8f16ee146f |
| DataType | The data type to filter on. | /api/v1/audit/logs?dataType=SettingsAudit |

Logged events

Here are some of the event types that are logged:

  • Report distribution events

    • Reports published on the NewsStand

    • Reports published to folder

    • Reports published to Qlik Sense hub

    • Reports sent via email

  • NewsStand events

    • NewsStand reports events

    • Subscription events

  • Engines events

  • Audit Windows service events

  • Users events

  • Authentication and security events

    • Authentication

    • Permissions

    • Password reset

  • Publish tasks and On-Demand events

    • Licenses events

    • Conditions events

Output file

The output file contains the following information:

Output file columns

| Variable | Description |
|---|---|
| EventTime | The ISO 8601 date when the event happened. |
| Source | The source of the event, usually a service. |
| Event | The standard code of the logged event. |
| Target | The object or underlying resource that is being changed. For example: user, app, report. |
| TargetId | The ID of the target object. |
| TargetName | The name of the target object. |
| Action | The change performed on the target. For example: created, updated, read. |
| AppId | The ID of the app where the action is performed. |
| UserId | The ID of the user who performed the action. |
| UserName | The name of the user who performed the action. |
| IpAddress | The IP address which originated the web request. |
| Description | A human readable description of the event. |
| Data | Additional information about the event as a .json object. |
| DataType | Schema for the Data object. |
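The following Python sketch is an added example, not Qlik code: it builds a filtered export URL in the form shown in the filter table, parses a downloaded tab-separated export into the columns listed above, and reports accounts that appear from more than one source IP address. It assumes the file starts with a header row of column names; the function names are hypothetical and the sample rows (IDs, event code, source, users, addresses) are constructed.

```python
import csv
import json
from collections import defaultdict
from urllib.parse import urlencode

# Column names as listed in the page's "Output file columns" table.
COLUMNS = ["EventTime", "Source", "Event", "Target", "TargetId", "TargetName", "Action",
           "AppId", "UserId", "UserName", "IpAddress", "Description", "Data", "DataType"]

def audit_url(server, **filters):
    """Build the export URL with filters spelled as in the page's examples (start, userId, ...)."""
    query = urlencode(filters, safe=":")  # keep the timestamp colons readable
    return f"https://{server}:4993/api/v1/audit/logs" + (f"?{query}" if query else "")

def parse_audit(text):
    """Parse a downloaded export. Assumption: the first line is a header row of column names."""
    reader = csv.DictReader(text.splitlines(), delimiter="\t", quoting=csv.QUOTE_NONE)
    missing = set(COLUMNS) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"unexpected export layout, missing columns: {sorted(missing)}")
    rows = []
    for row in reader:
        try:  # Data is documented as a JSON object; keep the raw text if it does not decode
            row["Data"] = json.loads(row["Data"]) if row["Data"] else None
        except json.JSONDecodeError:
            pass
        rows.append(row)
    return rows

def users_with_multiple_ips(rows):
    """Map UserName -> sorted source IPs, for accounts seen from more than one address."""
    seen = defaultdict(set)
    for row in rows:
        if row["UserName"] and row["IpAddress"]:
            seen[row["UserName"]].add(row["IpAddress"])
    return {user: sorted(ips) for user, ips in seen.items() if len(ips) > 1}

def sample_line(time, target, action, user, ip, data="", dtype=""):
    # Constructed row: the IDs, event code and source below are made-up placeholders.
    return "\t".join([time, "constructed-source", "constructed-event", target, "t-1", "name",
                      action, "a-1", "u-" + user, user, ip, "constructed", data, dtype])

SAMPLE = "\n".join([  # constructed export, not real NPrinting output
    "\t".join(COLUMNS),
    sample_line("2020-10-09T14:53:32Z", "user", "updated", "alice", "192.0.2.10",
                '{"field": "role"}', "SettingsAudit"),
    sample_line("2020-10-09T15:02:11Z", "report", "read", "alice", "198.51.100.7"),
    sample_line("2020-10-09T15:05:40Z", "app", "created", "bob", "192.0.2.20"),
])
```

Run `users_with_multiple_ips(parse_audit(text))` on the text of a downloaded file; an export that lacks the expected header raises `ValueError` instead of being misread.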