Audit trail
Audit trail provides access to a history of all executed events and procedures on your system. This provides insight into systems information and system integrity and is used for many reasons including compliance, records of change to system including user access, investigation into anomalous system or user behavior and more.
The following actions are logged as part of the audit trail:
- Authentication events (Success & Denied) for system access points (Qlik NPrinting Web Admin, NewsStand, API)
- Qlik NPrinting web administration system configuration
(Create, update and delete events for Qlik NPrinting entities and settings. This includes events from import functions for users and filters, Qlik NPrinting 16 projects and Qlik NPrinting reports.)
- Qlik NPrinting report execution outcome (Who, Where)
Inclusive of scheduled and On-Demand reports - NewsStand events
Installed files
Qlik NPrinting audit database
A separate dedicated database for audit logging is created with Qlik NPrinting Server. This database is created by default with a dedicated user and a randomly generated password. The database is deleted when Qlik NPrinting is uninstalled, so the data needs to be exported before uninstalling if you want to maintain the archive.
Qlik NPrinting audit service
The Qlik NPrinting audit service is installed with Qlik NPrinting Server. The service must be active to write logs to the Qlik NPrinting audit database. The service writes errors to the log file located in %PROGRAMDATA%\NPrinting\Logs\nprinting_audit.log if it fails to write data to the database.
Using the Audit trail
Audit trail logs are consumed via the public REST API https://ServerName:4993/api/v1/audit/logs that provides data as text files separated by tabs.
Do the following:
-
Open the Qlik NPrinting web console in your browser.
-
Log in as a user that has a role with Audit rights.
See: Managing roles
-
Insert the name of your server in https://ServerName:4993/api/v1/audit/logs then paste it in your browser.
A text file will start downloading. Each field will be in a different tab.
-
You can open the file in a text editor, import to Excel, or upload it to a Qlik Sense app.
Filtering Audit trail data
Audit trail data can be filtered via API by:
-
date
-
app id
-
user id
-
target
-
target id
-
data type
The resulting CSV contains only filtered rows. All fields are string types. Fields names are case sensitive.
Field |
Description |
Example |
---|---|---|
start |
The start date and time in the format: yyyy-mm-ddThh:mm:ssZ |
/api/v1/audit/logs?start=2020-10-09T14:53:32Z |
Target |
The target name to filter on. |
/api/v1/audit/logs?target=NewsstandReport |
TargetId | The ID of the target to filter on. |
/api/v1/audit/logs?targetId=b6ae90de-c8ec-4e66-ad6f-d9f71eeec2b2 |
AppId |
The ID of the app to filter on. |
/api/v1/audit/logs?appId=ab53ef11-3cdc-45af-9403-b788eba2b004 |
UserId | The ID of the user to filter on. |
/api/v1/audit/logs?userId=ffe2a664-5698-4189-a989-bc8f16ee146f |
DataType | The data type to filter on. |
/api/v1/audit/logs?dataType=SettingsAudit |
Logged events
Here are some of the event types that are logged:
-
Report distribution events
-
Reports published on the NewsStand
-
Reports published to folder
-
Reports published to Qlik Sense hub
-
Reports send via email
-
-
NewsStand events
-
NewsStand reports events
-
Subscription events
-
-
Engines events
-
Audit Windows service events
-
Users events
-
Authentication and security events
-
Authentication
-
Permissions
-
Password reset
-
-
Publish tasks and On-Demand events
-
Licenses events
-
Conditions events
-
Output file
The output file contains the following information:
Variable |
Description |
---|---|
EventTime |
The ISO 8601 date when the event has happened. |
Source |
The source of event, usually a service. |
Event |
The standard code of the logged event. |
Target |
The object or underlying resource that is being changed. For example: user, app, report. |
TargetId |
The ID of the target object. |
TargetName |
The name of the target object. |
Action |
The change performed on the target. For example: created, updated, read. |
AppId |
The ID of the app where the action is performed. |
UserId |
The ID of the user who performed the action. |
UserName |
The name of the user who performed the action. |
IpAddress |
The IP address which originated the web request. |
Description |
A human readable description of the event. |
Data |
Additional information about the event as a .json object. |
DataType |
Schema for the Data object. |