Introduction

The Audit Log and Audit Trail are different means to log activities when using JS7 products:

• The JS7 - Audit Log stores information about changes to the state of objects to the audit.log file.
• The Audit Trail stores information about any REST API requests and responses to the audit-trail.log file.

The purpose of the Audit Trail is preferably about compliance-aware logging.

FEATURE AVAILABILITY STARTING FROM RELEASE 2.8.0

Considerations

Size

The Audit Trail log file can become huge as it includes any REST API requests (GET, POST) and related responses.

SOS cannot provide recommendations on the size of the log file as this depends on the number of REST API requests and the size of related responses.

Users should consider the fact that the Log4j configuration available with JOC Cockpit's log4j2.xml file by default limits the size of the logs directory to 5 GB. When Audit Trail log files grow, then there will be fewer space available to other log files that will be deleted more early.

See chapter Configuration how to adjust the default value.

Log Rotation

The Audit Trail log is subject to log rotation, but not subject to log deletion. The log file will be rotated in the following events whichever occurs first:

• log rotation on first of month,
• log rotation if the log file size of 100 MB is exceeded.

When rotating the Audit Trail log, then the previously used log file is zipped.

Compliance with Data Protection Laws

The Audit Trail allows tracking of user activities and allows to identify any actions performed by users. Such information can be useful to identify offending activities in case of compliance breaches.

When activating the Audit Trail, users should be aware of legal implications. Depending on applicable law, the Audit Trail might not be used or might be used under strict limitations only to pursue offending behavior of users. While this is relevant information in case of security breaches, use of the log file might be denied or limited by local law.

The period for which the Audit Trail is persisted can be ruled by local law. The JS7 will not delete Audit Trail log files. When activating the Audit Trail It is the user's responsibility to comply with applicable law about use of the data and the retention period of the Audit Log.

Configuration

The audit-trail.log file can be activated from the log4j2.xml configuration file located in JOC Cockpit's logs directory like this:
 

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
        <Properties>
                <Property name="TimeZone">Etc/UTC</Property>
                <Property name="RetainDays">30d</Property>
                <Property name="MaxSizeOfRolledOverFiles">5 GB</Property>
                <Property name="MaxSizePerFile">100 MB</Property>
...

<Logger name="JOCAuditTrailLog" additivity="false" level="OFF">
    <AppenderRef ref="AuditTrailLogAppender"/>
</Logger>

Explanations:

• Line 6: to increase the overall limit disk space consumed by log files increase the dfautl value of 5 GB.
• Line 10: to activate Audit Trail logging, modify the log level property from OFF to INFO or DEBUG.