NuoDB Admin Audit Log

Each Admin process maintains an audit log, which includes records of system access events via the REST API. Detailed audit records are available on role-based access control (RBAC) and REST API request/response levels.

The log is written to $NUODB_LOGDIR/nuoadmin_audit.log, which is /var/log/nuodb/nuoadmin_audit.log by default on Linux. See Environment Variables for more information on log file locations.

Log Format

Each audit entry will be logged on a new line containing the below attributes.

  1. Timestamp.

  2. Logging level.

  3. NuoDB Admin server ID.

  4. NuoDB Admin RBAC user name.

  5. Remote client origin in form of host[address:port] (optional). If host part is the same as address, the former is printed only.

  6. Remote client user agent (optional). It is fetched from the User-Agent HTTP header if available.

  7. REST API method.

  8. REST API endpoint.

  9. Audit message.

2020-10-28T09:58:01.179+0000 WARN nuoadmin3 pwuser [127.0.0.1:40052] python-requests/2.24.0 POST /api/1/diagnostics/log Rejecting request: User pwuser with roles [pwrole] is not authorized for this endpoint
---------------------------- ---- --------- ------ ----------------- ---------------------- ---- ---------------------- --------------------------------------------------------------------------------------
            a                  b      c       d           e                     f             g             h                                                      i

Audit entries having HTTP request and response information will be printed in multiple lines. The audit message contains the request headers and request payload followed by response code, headers, and response payload. Sensitive information like authorization header content and passwords will be masked for security reasons. For example:

2020-10-28T09:58:01.186+0000 INFO nuoadmin3 pwuser [127.0.0.1:40052] python-requests/2.24.0 POST /api/1/diagnostics/log * Server responded to request:
> POST https://localhost:8888/api/1/diagnostics/log
> Accept: */*
> Accept-Encoding: gzip, deflate
> Authorization: ****
> Connection: keep-alive
> Content-Length: 55
> Content-Type: application/json
> Host: localhost:8888
> User-Agent: python-requests/2.24.0
> {"message":"17e54180a0a4b9d275cf6e39d939e0aef6ee9544"}
* Response:
< 401
< Content-Type: application/json
< WWW-Authenticate: Unauthorized
< {"code":401,"message":"HTTP 401 Unauthorized"}

Configure Audit Verbosity

REST API audit logging granularity is controlled using auditVerbosity setting (by default AUTH_FAILURE) in nuoadmin.conf file. The available levels in descending order of verbosity are:

Level Description

ALL

All REST API requests and responses.

ALL_BUT_GET

REST API requests and responses which are not using GET method.

ANY_FAILURE

REST API responses with any status code above 400.

AUTH_FAILURE

REST API responses with status code 401 or 403.

OFF

The highest possible rank and is intended to turn off audit logging.

The payload size in the REST API audit log messages is controlled using auditMaxEntitySize setting (by default 4096) which limits the number of characters printed. To disable payload logging completely, set the value to 0.

In addition to above verbosity settings the logging level for com.nuodb.nagent.rest.audit.LogAuditServiceImpl logger can be increased if needed. For more information and instructions on how to change non-root logger’s level, see About NuoDB Admin tier logging.