Audit logs
Delphix helps you keep a record of user actions taken in the UI or directly through our REST APIs. You can access these audit logs directly from our UI or through our APIs.
Audit logs UI page
The Audit Logs can be found on the UI under the Audit tab. The user should be an admin to access this page.
This page contains information on what action occurred, the user that performed the action, and the time at which the action occurred.
The logs on the screen can be filtered or sorted by the various informational fields by clicking on the respective fields. More information on grid filtering and sorting can be found here.
Sortable columns are Timestamp, User, Status, and Activity.
Filterable columns are Timestamp, User, Status, Activity, Audit Action, and Audit Target.
It also provides an option to download logs as PDFs. Users can select the Export PDF option from the top right corner and Logs will be downloaded as a PDF file.
Audit log APIs
With 5.3.2.0, Delphix introduced an endpoint to get all Audit Logs. This endpoint contains the user name, action type, target, status, start time, and end time. For more information please refer to API documentation.
What gets logged?
User actions are categorized into the following:
Cancel | Create | Delete | Edit | Export | Get | Get All |
Import | Lock | Login | Logout | Run | Test | Unlock |
The objects that user actions target are categorized into the following:
Algorithm | Analytics | Application | Application Log | Async Task | Audit Log | |
Column Metadata | Database Connector | Ruleset Connector | Database Ruleset | Domain | Encryption Key | Environment |
Execution | File Connector | File Download | File Field Metadata | File Format | File Metadata | File Ruleset |
File Upload | LDAP | Mainframe Dataset Connector | Mainframe Dataset Field Metadata | Mainframe Dataset Format | Mainframe Dataset Metadata | Mainframe Dataset Ruleset |
Masking Job | Profile Expression | Profile Job | Profile Set | Re Identification Job | Role | SSH Key |
SSO | Syncable Object | System Information | Table Metadata | Tokenization | User |
Retention policy
The default policy stores the last one million Audit Log entries. Any entries older than the most recent million are removed daily. Additionally, there is a fail-safe mechanism that prevents an attacker from forcing an unbounded number of actions to be logged to overload the system's disk space. In the event that such an attack occurs, Delphix also logs it to the application logs.
Recommendation
If a full record of all Audit Log entries is desired, Delphix recommends using the new API to periodically retrieve new entries from the Audit Logs.