Event Format in the Talend Administration Center audit logs
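The audit logs are sent according to the following audit specification:
    public class CustomClass {
        // MDC and EventFields come from the logging and audit libraries in use;
        // their imports are not shown on this page.
        public void logEvent() { // method name is illustrative
            MDC.put(EventFields.USER, "user0");
            MDC.put(EventFields.OPERATION, "create user");
            MDC.put(EventFields.RESOURCE, "user");
            MDC.put(EventFields.RESULT, "success");
            ...
        }
    }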
The audit logs provide the following information:
- Who: user login
  If the change comes from an Identity Provider, that information is also added to the event.
- When: timestamps in ISO format (UTC)
- Where: application name and host name/IP address
- What: resource, operation, result
A sample log in Talend LogServer is shown below:
{
  "_index": "talendaudit-2018.03.19",
  "_type": "doc",
  "_id": "y8K1PWIB8HccQKv0hq2o",
  "_version": 1,
  "_score": null,
  "_source": {
    "application": "TAC",
    "customInfo": {
      "itemDetail": "Login TAC success - [admin@company.com]",
      "itemUser": "admin@company.com",
      "itemCustomer": "TALEND"
    },
    "service": "",
    "esIndex": "talendaudit-2018.03.19",
    "instance": "DefaultInstance",
    "logTimestamp": "2018-03-19T10:01:53.845Z",
    "logSource": {
      "host.name": "Yang2016-PC",
      "logger.name": "audit.security",
      "host.address": "172.24.38.1"
    },
    "@timestamp": "2018-03-19T10:02:09.285Z",
    "category": "security",
    "threadName": "qtp399653041-112",
    "operation": "login",
    "agentTimestamp": "2018-03-19T10:01:53.860Z",
    "user": "",
    "message": "User admin@company.com login success",
    "headers": {
      "http_connection": "keep-alive",
      "http_host": "192.168.30.202:8057",
      "request_uri": "/",
      "http_version": "HTTP/1.1",
      "http_cache_control": "no-cache",
      "content_length": "643",
      "http_user_agent": "Java/1.8.0_60",
      "http_accept": "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2",
      "request_method": "POST",
      "http_pragma": "no-cache",
      "content_type": "application/x-www-form-urlencoded",
      "request_path": "/"
    },
    "resource": "user",
    "eventid": "59f9ff26-05a6-4328-826c-c665724046d9",
    "result": "success",
    "priority": "INFO",
    "@version": 1,
    "type": "Audit",
    "audit": "true"
  },
  "fields": {
    "@timestamp": [
      "2018-03-19T10:02:09.285Z"
    ]
  },
  "sort": [
    1521453729285
  ]
}
This log shows the following properties:
- "application": "TAC"
- "instance": "DefaultInstance"
- "user": ""
- "operation": "login"
- "resource": "user"
- "result": "success"
- "message": "User admin@company.com login success"
- "customInfo": "itemDetail"
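The sample event above has an empty "user" field, with the login name carried in customInfo.itemUser instead, so a consumer that reads only "user" loses the "who". The following Python sketch is an added example, not Talend code: it maps one LogServer hit to who/when/where/what with that fallback. The function names, the "<unknown>" marker and the choice of logTimestamp as the event time are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed input: the sample hit from this page, trimmed to the fields used here.
SAMPLE_HIT = json.loads("""
{
  "_index": "talendaudit-2018.03.19",
  "_source": {
    "application": "TAC",
    "customInfo": {
      "itemDetail": "Login TAC success - [admin@company.com]",
      "itemUser": "admin@company.com"
    },
    "logTimestamp": "2018-03-19T10:01:53.845Z",
    "logSource": {"host.name": "Yang2016-PC", "host.address": "172.24.38.1"},
    "operation": "login",
    "user": "",
    "resource": "user",
    "result": "success"
  }
}
""")

REQUIRED = {"operation", "resource", "result", "logTimestamp"}


def parse_utc(ts):
    """Parse an ISO 8601 timestamp ending in Z into an aware UTC datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def normalize(hit):
    """Map one hit to who/when/where/what; return None if audit fields are missing."""
    src = hit.get("_source") or {}
    if not REQUIRED <= src.keys():
        return None
    custom = src.get("customInfo") or {}
    origin = src.get("logSource") or {}
    # "user" is empty in the sample login event, so fall back to customInfo.itemUser.
    who = src.get("user") or custom.get("itemUser") or "<unknown>"
    return {
        "who": who,
        # Assumption: logTimestamp is the time the application logged the event.
        "when": parse_utc(src["logTimestamp"]),
        "where": (src.get("application"), origin.get("host.name"), origin.get("host.address")),
        "what": (src["resource"], src["operation"], src["result"]),
    }
```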