Table of Contents

Audit Logs

Ramya Priya Updated by Ramya Priya

Tellius provides support for audit logs — a record of logs that tracks user activities to help maintain individual accountability and derive insights on user behavior.

Audit logs are now available in JSON format. Tellius records the user's information, the operations performed by them, the time of the activity, and the status (success/failure) of each operation. The details regarding the creation, updating, deletion, and view operations performed on every Business View, dataset, Model, datasource, Vizpad, Insights, and user accounts can also be viewed.

How to access audit logs?

Audit logs can be found stored within the sqe-pods-0 pod of any designated deployment. The following steps will lead you directly to these logs:

  1. Input the command kubectl exec -it sqe-pods-0 bash -n dev1
  2. Then, navigate to the directory by using cd /opt/logs/audit

The file named "audit.log," located in the /opt/logs/audit directory, serves as the repository for all ongoing audit logs.

Please note that there will only be one audit log file for each day. Tellius maintains a log history spanning approximately 180 days, or around six months.

What resources can be audited?

The types of resources that can be audited are,

  • Business View
  • Dataset
  • Data source
  • Insight
  • Models
  • User
  • Vizpads

What actions can be audited?

The following actions can be audited:

  • Created
  • Deleted
  • Updated
  • Viewed

The following additional actions are also recorded during user login:

  • Login success
  • Login failure
  • Impersonation success
  • Impersonation failure

How does an audit log look like?

Every line in the audit log signifies one action performed on a resource. It is stored in the JSON format and contains the following fields:

  • timestamp: The current system time with milliseconds precision.
  • payload: Details used while invoking the API call, formatted in JSON.
  • resource: Details about the resource, primarily resource id, resource name, and resource type.
  • event_type: The type of action, as mentioned above.
  • status: The outcome of the API call, either success or failure.
  • initiator: Details about the invoker, which could be a user or an external resource. This includes type (invoker type), source (IP address), userId (if applicable), and userName (if applicable).

Sample audit logs

The following are a few examples for audit logs.

Business View

Create
{
"timestamp": "1657129583251",
"payload": {
"userId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx",
"resource": {
"ownerId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx",
"name": "bv_testingSQLQueryEditToDBtable",
"id": "bv_805eef7b-bd42-4a60-9878-c79763xxxxxx"
}
},
"resource": {
"id": "bv_805eef7b-bd42-4a60-9878-c79763xxxxxx",
"type": "businessView",
"name": "bv_testingSQLQueryEditToDBtable"
},
"event_type": "created",
"status": "Success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx"
}
}
Update
{
"timestamp": "1657187324639",
"payload": {
"userId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx",
"resource": {
"ownerId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx",
"name": "bv_testingSQLQueryEditToDBtable",
"id": "bv_805eef7b-bd42-4a60-9878-c79763xxxxxx"
}
},
"resource": {
"id": "bv_805eef7b-bd42-4a60-9878-c79763xxxxxx",
"type": "businessView",
"name": "bv_testingSQLQueryEditToDBtable"
},
"event_type": "updated",
"status": "Success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx"
}
}
Delete 
{
"timestamp": "2023-03-14 05:38:53.219",
"resource": {
"id": "bv_72e6f24e-de68-4dba-90d8-8ca0f3xxxxxx",
"type": "businessView",
"name": "bv_test_2136_3"
},
"event_type": "deleted",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "76092454-2dda-4765-8455-a90f9cxxxxxx",
"userName": "USER123"
}
}
Viewed
{
"timestamp": "1657093625659",
"payload": {
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"resource": {
"ownerId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"name": "bv3a",
"id": "bv_586f9354-b061-448d-a9e3-7ed114xxxxxx"
}
},
"resource": {
"id": "bv_586f9354-b061-448d-a9e3-7ed114xxxxxx",
"type": "businessView",
"name": "bv3a"
},
"event_type": "viewed",
"status": "Success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx"
}
}

Dataset

Create
{
"timestamp": "1657262500298",
"payload": {
"userId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx",
"resource": {
"name": "TEL_1059_Livefifadatacsv",
"size": 0,
"id": "load_d43c08a7-b931-40d3-9844-344796xxxxxx",
"datasourceId": "datasource_45c745bd-f376-4de4-921e-8a012axxxxxx",
"ownerId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx"
}
},
"resource": {
"id": "load_d43c08a7-b931-40d3-9844-344796xxxxxx",
"type": "dataset",
"name": "TEL_1059_Livefifadatacsv"
},
"event_type": "created",
"status": "Success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx"
}
}

Update
{
"timestamp": "1657207175496",
"payload": {
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"resource": {
"name": "vb_geo_test",
"size": 242757,
"id": "load_9ea1cac1-3fd1-4ccc-94e5-4a12c2xxxxxx",
"datasourceId": null,
"ownerId": "6ca0cc4c-471e-42c5-81fc-7db076xxxxxx"
}
},
"resource": {
"id": "load_9ea1cac1-3fd1-4ccc-94e5-4a12c2xxxxxx",
"type": "dataset",
"name": "vb_geo_test"
},
"event_type": "updated",
"status": "Success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "6ca0cc4c-471e-42c5-81fc-7db076xxxxxx"
}
}

Delete
{
"timestamp": "2023-03-20 07:47:02.310",
"resource": {
"id": "load_11a0086c-e348-4308-91f8-f7a787xxxxxx",
"type": "dataset",
"name": "cust_sql"
},
"event_type": "deleted",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "4102b77b-747e-4f50-8072-41d865xxxxxx",
"userName": "prajwal"
}
}

Viewed
{
"timestamp": "1657093597372",
"payload": {
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"resource": {
"name": "predefined_time_series_test",
"size": 19150,
"id": "load_8b49e467-70ca-4a1d-9ce2-be4cabxxxxxx",
"datasourceId": null,
"ownerId": "18d60756-712e-4867-a301-430ba7xxxxxx"
}
},
"resource": {
"id": "load_8b49e467-70ca-4a1d-9ce2-be4cabxxxxxx",
"type": "dataset",
"name": "predefined_time_series_test"
},
"event_type": "viewed",
"status": "Success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx"
}
}

Datasource

Create
{
"timestamp": "1657262779840",
"resource": {
"id": "datasource_e596c4e7-aca5-4f23-9023-b090d9xxxxxx",
"type": "datasource",
"name": "Spark SQL"
},
"event_type": "created",
"status": "Success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "87f89f16-87d0-445f-86ba-8deaf6xxxxxx"
}
}

Update
{
"timestamp": "1663659071634",
"resource": {
"id": "datasource_4740579a-6405-4e7d-8f99-4f5af2xxxxxx",
"type": "datasource",
"name": "OracleReactNEwCustomSQl"
},
"event_type": "created",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "1a840c2f-53f3-465e-b8b0-deb7d3xxxxxx"
}
}

Delete
{
"timestamp": "2023-03-14 02:36:50.042",
"resource": {
"id": "datasource_3704f9d2-0a42-4ea1-bbc4-966869xxxxxx",
"type": "datasource",
"name": "testSalesForce"
},
"event_type": "deleted",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "76092454-2dda-4765-8455-a90f9cxxxxxx",
"userName": "USER123"
}
}

Vizpads

Create
{
"timestamp": "1675140090439",
"resource": {
"id": "86e12d4c-df00-4d2d-896f-945048xxxxxx",
"type": "vizpad",
"name": "OnBoarding Vizpad"
},
"event_type": "created",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx"
}
}

Update
{
"timestamp": "1668503716950",
"resource": {
"id": "183809ed-251f-45ae-bdab-23cadbxxxxxx",
"type": "vizpad",
"name": "Vizpads Filters"
},
"event_type": "updated",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx"
}
}

Delete
{
"timestamp": "2023-06-07 14:01:57.176",
"resource": {
"id": "82cee50f-f934-4980-8f35-649ca5xxxxxx",
"type": "vizpad",
"name": "aaa 202306071850"
},
"event_type": "deleted",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"userName": "superUser"
}
}

Viewed
{
"timestamp": "1669027959500",
"resource": {
"id": "183809ed-251f-45ae-bdab-23cadbxxxxxx",
"type": "vizpad",
"name": "Vizpads Filters"
},
"event_type": "viewed",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx"
}
}

Insights

Create
{
"timestamp": "2023-05-11 12:40:51.666",
"resource": {
"id": "insight_e9460dc1-36c5-4f63-bc81-96a124xxxxxx",
"type": "insight",
"name": "testTrendLiveInsightRefresh"
},
"event_type": "created",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "152.58.231.26"
},
"userId": "8564b8f3-80ec-4b01-8f75-3fd7b6xxxxxx",
"userName": "User123"
}
}

Update
{
"timestamp": "2023-04-27 08:18:30.677",
"resource": {
"id": "insight_23705a6e-e2ac-4157-9c76-0bd655xxxxxx",
"type": "insight",
"name": "Non live TrendBasedInsight old 2"
},
"event_type": "updated",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "152.58.232.141"
},
"userId": "8564b8f3-80ec-4b01-8f75-3fd7b6xxxxxx",
"userName": "User123"
}
}

Delete
{
"timestamp": "2023-05-22 16:44:18.551",
"resource": {
"id": "insight_e9460dc1-36c5-4f63-bc81-96a12424d023",
"type": "insight",
"name": "testTrendLiveInsightRefresh"
},
"event_type": "deleted",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "152.58.209.247"
},
"userId": "8564b8f3-80ec-4b01-8f75-3fd7b6a2cc49",
"userName": "User123"
}
}

Viewed
{
"timestamp": "2023-05-29 05:17:57.055",
"resource": {
"id": "insight_cf759ff6-b456-4799-95e1-e8a099xxxxxx",
"type": "insight",
"name": "Prateek's Insights"
},
"event_type": "viewed",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "106.78.72.145"
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"userName": "superUser"
}
}

User account

Create
{
"timestamp": "1665464006725",
"payload": {
"email": "abc.def@example.com",
"role": "admin",
"username": "abc.def@example.com",
"lastName": "DEF",
"firstName": "ABC"
},
"resource": {
"id": "e807eecb-393c-487b-9cd5-dfe7eexxxxxx",
"type": "user",
"name": "abc.def@example.com"
},
"event_type": "created",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "e807eecb-393c-487b-9cd5-dfe7eexxxxxx"
}
}

Update
{
"timestamp": "1661764135677",
"payload": {
"groups": [
"bb063903-e1ae-4dca-8eea-313011b1xxxx",
"bc4a0cc1-ff60-49da-a023-69da53b6xxxx",
"c4059d1e-9336-4d78-8135-5c82f407xxxx",
"2b930262-361d-4740-8fc9-10dd10b0xxxx",
"676dfc30-5205-4c1f-85f5-ac799569xxxx",
"9ac7d6e3-89cf-4e66-bfb6-84cc5fcaxxxx",
"45f42558-1606-4575-b354-ff33c2f5xxxx"
]
},
"resource": {
"id": "f5a0539c-384b-4709-987f-372740axxxxx",
"type": "user",
"name": "autotest"
},
"event_type": "updated",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "f5a0539c-384b-4709-987f-372740xxxxxx"
}
}

Delete
{
"timestamp": "1670403011587",
"payload": {},
"resource": {
"id": "56d4d652-cf12-4f85-9856-d1ecaexxxxxx",
"type": "user",
"name": "guidetest_002"
},
"event_type": "deleted",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "56d4d652-cf12-4f85-9856-d1ecaxxxxxx"
}
}

Impersonate
{
"timestamp": "2023-06-02 09:47:23.874",
"payload": {
"userId": "c67a25c3-f026-44ff-a3c1-70ad28xxxxxx",
"remote_ip": "0.0.0.0"
},
"resource": {
"id": "18d60756-712e-4867-a301-430ba7xxxxxx",
"type": "user",
"name": "superUser"
},
"event_type": "impersonation",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"userName": "superUser"
}
}

User login

Success
{
"timestamp": "1665632926423",
"payload": {
"username": "superUser",
"rememberMe": false,
"password": "*****"
},
"resource": {
"id": "18d60756-712e-4867-a301-430baxxxxxx",
"type": "user",
"name": "superUser"
},
"event_type": "login",
"status": "success",
"initiator": {
"type": "user",
"source": {
"ip-address": null
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx"
}
}

Failure
{
"timestamp": "2023-06-08 11:09:16.645",
"payload": {
"username": "superUser",
"remote_ip": "0.0.0.0",
"password": "*****"
},
"resource": {
"id": "18d60756-712e-4867-a301-430ba7xxxxxx",
"type": "user",
"name": "superUser"
},
"event_type": "login",
"status": "failure",
"initiator": {
"type": "user",
"source": {
"ip-address": "0.0.0.0"
},
"userId": "18d60756-712e-4867-a301-430ba7xxxxxx",
"userName": "superUser"
}
}

Did we help you?

Contact