Auditing

Auditing is done using a capability called Audit, as described in Accessing and Configuring Capabilities. For your convenience, this capability is created and enabled by default.

When enabled, the log file located at $data-dir/log/audit/audit.log is updated each time a user (or an internal process) modifies the configuration of NXRM, as well as on any asset and component additions and removals. Each line of this log contains an unformatted JSON message representing a single audit item. The attributes available in these JSON messages are listed below:

| Attribute | Description | Example |
| --- | --- | --- |
| timestamp | The date and time this event occurred | 2019-02-04 18:12:07,856-0500 |
| nodeId | The nodeId of the NXRM instance (used to correlate audit logs across multiple NXRM instances) | 5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154 |
| initiator | The initiator of the event, often a username/host combination, unless it is an internally generated event | admin/172.16.0.10 |
| domain | Functional area of the system | security.user |
| type | Action performed in this domain | created |
| context | Identifying details of the event | mynewusername |
| attributes | Map of key:value pairs that contain more details about the event | {"id":"mynewusername","name":"John Doe","email":"jdoe@emailserver.com","source":"default","status":"active","roles":"nx-admin"} |


This log file will rotate daily, and a maximum of 90 days' worth of files will be retained.
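
An added example, not from the NXRM documentation: a Python parser for the audit log lines described above that flags security-domain events assigning the nx-admin role. The sample lines are constructed from the attribute table; the second line's initiator and domain values and the comma-separated handling of roles are assumptions.

```python
import json
from datetime import datetime

# Constructed sample lines built from the documented attributes (not real log data).
# The second line's "initiator" and "domain" values are assumptions for illustration.
SAMPLE_LOG = """\
{"timestamp":"2019-02-04 18:12:07,856-0500","nodeId":"5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154","initiator":"admin/172.16.0.10","domain":"security.user","type":"created","context":"mynewusername","attributes":{"id":"mynewusername","name":"John Doe","email":"jdoe@emailserver.com","source":"default","status":"active","roles":"nx-admin"}}
{"timestamp":"2019-02-04 18:15:41,102-0500","nodeId":"5DF0F434-88A6F4B7-AEDCE785-CAD9628C-8AD86154","initiator":"system","domain":"repository.asset","type":"created","context":"constructed/path.jar","attributes":{}}
this line is truncated {"timestamp":
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S,%f%z"  # matches 2019-02-04 18:12:07,856-0500


def parse_audit_line(line):
    """Return one audit item as a dict, or None if the line is malformed."""
    try:
        item = json.loads(line)
        item["timestamp"] = datetime.strptime(item["timestamp"], TS_FORMAT)
    except (ValueError, KeyError, TypeError):
        return None  # truncated write, partial rotation, or non-object JSON
    # initiator is often username/host; internally generated events have no host part
    user, _, host = str(item.get("initiator") or "").partition("/")
    item["user"], item["host"] = user, host or None
    return item


def admin_grants(lines, watched_roles=frozenset({"nx-admin"})):
    """Yield security.* audit items whose attributes assign a watched role."""
    for line in lines:
        item = parse_audit_line(line)
        if item is None or not str(item.get("domain", "")).startswith("security."):
            continue
        attrs = item.get("attributes")
        raw = attrs.get("roles", "") if isinstance(attrs, dict) else ""
        # Assumption: "roles" is a string; multiple roles would be comma-separated
        roles = {r.strip() for r in str(raw).split(",")}
        if roles & watched_roles:
            yield item


if __name__ == "__main__":
    for hit in admin_grants(SAMPLE_LOG.splitlines()):
        print(hit["timestamp"].isoformat(), hit["user"], hit["host"],
              hit["domain"], hit["type"], hit["context"])
```

To run it against a real instance, pass the open file object for $data-dir/log/audit/audit.log to admin_grants instead of the sample lines.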


Where is the Audit user interface?

NEW IN VERSION 3.16.0

The database which stored audit events and the interface at Administration → System → Audit has been replaced by an audit log text file. The new implementation is better performing and more easily integrated with external tooling.