Table of Contents
Graphlytic logging
Graphlytic uses slf4j and logback binding.
Configuration
Logging levels, loggers, appenders, and general log turning on/off is configured in the <GRAPHLYTIC_HOME>/conf/logback.xml file.
The location of log directory with all produced logs is configured in the <GRAPHLYTIC_HOME>/conf/graphlytic.conf file.
Logs
Common log
file: graphlytic.log
Contains all logs.
Audit log
Backend Audit log
File: graphlytic-audit.log
Contains backend audit logs (a subset of the common log):
- when a user was successfully logged into Graphlytic (time, name of the user)
- information about unsuccessful authentication (time, name of the user)
- information about data changing operations for nodes and relationships (create, update, delete) (time, name of the user, name of the operation).
Format of the log record (row in the log file)
<timestamp> INFO AUDIT_LOGGER:<loggerInstanceId> - AUDIT <action> <actionData>
- timestamp - system time
- loggerInstanceId - internal Java logger id, not usable for audit reporting
- action - action code, like CSV_EXPORT_NODE or VIS_ACCESS
- actionData - here are key:value pairs with data specific to the <action>. Every action can have different actionData stored
Implemented events
Action | Custom Data | Note |
---|---|---|
LOGIN_SUCCESS | prior to Graphlytic 3.0.0 logged as "USER auth success" | |
LOGIN_FAILURE | prior to Graphlytic 3.0.0 logged as "USER auth fail" | |
LOGOUT_SUCCESS | ||
CSV_EXPORT_NODES | numOfRecords | numOfRecords - number of exported rows with data |
CSV_EXPORT_RELS | numOfRecords | numOfRecords - number of exported rows with data |
PNG_EXPORT | ||
VIS_CREATE | visId | visId - The ID of the created visualization |
VIS_ACCESS | visId | visId -The ID of the accessed visualization |
PUBLIC_VIS_ACCESS | visId | visId -The ID of the accessed visualization |
VIS_SHARE_USERS | addedUsers, removedUsers | Note: the VIS_SHARE_USERS and VIS_SHARE_GROUPS are always as double record log (two log rows for one action) because with one frontend action of vis sharing there are two backend calls (one call is for change in user sharing list and one is for change in group sharing list) |
VIS_SHARE_GROUPS | addedGroups, removedGroups | |
CREATE_NODE | ||
UPDATE_NODE | ||
UPDATE_NODES | updatedNodes | updatedNodes - number of updated nodes |
DELETE_NODE | ||
CREATE_RELATIONSHIP | ||
UPDATE_RELATIONSHIP | ||
DELETE_NODE_RELATIONSHIP | ||
CREATE_USER | createdUser | If the user was created with the SSO workflow then the 'user' is set to the actually created user. |
UPDATE_USER | updatedUser | |
DELETE_USER | deletedUser | |
UNDELETE_USER | undeletedUser | |
ENABLE_USER | enabledUser | |
DISABLE_USER | disabledUser | |
CHANGE_PASSWORD | passwordChangedForUser | If the password was changed with email password self-service or SSO workflows then the 'user' is set to the same value as 'passwordChangedForUser'. |
CREATE_GROUP | createdGroup, permissions | Permissions is a comma-separated list of all granted permissions, e.g. 'PERM_DATA_MGMT,PERM_SETTINGS'. |
UPDATE_GROUP | updatedGroup, permissions | Permissions is a comma-separated list of all granted permissions, e.g. 'PERM_DATA_MGMT,PERM_SETTINGS'. |
DELETE_GROUP | deletedGroup | |
ADD_USER_TO_GROUP | group, users | The 'users' attribute is a multivalued one with values separated by comma. |
REMOVE_USER_FROM_GROUP | group, users | The 'users' attribute is a multivalued one with values separated by comma. |
UPDATE_GROUP_PERMISSION | group, permissions | Permissions is a comma-separated list of all granted permissions, e.g. 'PERM_DATA_MGMT,PERM_SETTINGS'. |
UPDATE_GROUP_DATA_SECURITY | group | |
UPDATE_SETTINGS | setting | |
CREATE_JOB | job | |
UPDATE_JOB | job | |
DELETE_JOB | job | |
RUN_JOB | job | |
LIBRARY_CREATE | libraryId | libraryId - the ID of library created |
LIBRARY_UPDATE | libraryId | libraryId - the ID of library created |
LIBRARY_DELETE | libraryId | libraryId - the ID of library created |
FILE_IMPORT_STARTED | ||
GREMLIN_QUERY |
Examples
20.01
.
16
10
:
09
:
13.198
INFO AUDIT_LOGGER:
30
- AUDIT LOGIN_SUCCESS user:
'admin'
20.01
.
16
10
:
09
:
24.502
INFO AUDIT_LOGGER:
964
- AUDIT CSV_EXPORT_NODES user:
'admin'
numOfRecords:
16
20.01
.
16
10
:
09
:
55.815
INFO AUDIT_LOGGER:
1118
- AUDIT CSV_EXPORT_RELS user:
'admin'
numOfRecords:
2217
20.01
.
16
10
:
10
:
00.266
INFO AUDIT_LOGGER:
111
- AUDIT PNG_EXPORT user:
'admin'
20.01
.
16
10
:
12
:
13.479
INFO AUDIT_LOGGER:
99
- AUDIT VIS_ACCESS user:
'admin'
visId:
2
20.01
.
16
10
:
12
:
25.981
INFO AUDIT_LOGGER:
148
- AUDIT CSV_EXPORT_WIDGET user:
'admin'
numOfRecords:
2656
20.01
.
16
10
:
13
:
55.033
INFO AUDIT_LOGGER:
43
- AUDIT LOGIN_FAILURE user:
'admin'
exception:
'Bad credentials'
20.01
.
16
10
:
14
:
04.059
INFO AUDIT_LOGGER:
43
- AUDIT LOGIN_FAILURE user:
'someLoginFail'
exception:
'Bad credentials'
20.01
.
16
10
:
14
:
16.990
INFO AUDIT_LOGGER:
30
- AUDIT LOGIN_SUCCESS user:
'admin'
20.01
.
16
10
:
14
:
20.662
INFO AUDIT_LOGGER:
99
- AUDIT VIS_ACCESS user:
'admin'
visId:
2
20.01
.
16
10
:
24
:
26.603
INFO AUDIT_LOGGER:
411
- AUDIT VIS_SHARE_USERS user:
'admin'
visId:
2
addedUsers:
0
removedUsers:
0
20.01
.
16
10
:
24
:
26.604
INFO AUDIT_LOGGER:
449
- AUDIT VIS_SHARE_GROUPS user:
'admin'
visId:
2
addedGroups:
1
removedGroups:
0
Frontend Audit log
File: graphlytic-frontend.log
Contains audit logs (a subset of the common log) of the Graphlytic frontend application with richer context information, e.g. about exploring.
Format of the log record (row in the log file)
{
"serverTimestamp"
:
"2020-02-13T16:44:29.342+01:00"
,
"userLogin"
:
"admin"
,
"ipAddress"
:
"0:0:0:0:0:0:0:1"
,
"eventType"
:
"EXPLORING"
,
"urlPath"
:
"/visualization"
,
"exploringMode"
:
"FINAL_DATA"
,
"exploredNodeIds"
:[
"2"
,
"5"
]}
Implemented events
Action | Custom Data |
---|---|
EXPLORING |
|
SEARCH |
|
Audit Log REST API
GET /audit/data
Service GET /audit/data can be used to read normalized audit log data.
Every record (a parsed line from an audit log file) consists of these attributes:
Record attribute | Data type | Description |
---|---|---|
logger | String | Logger identification. Values are "BE" (backend logger) or "FE" (frontend logger) |
dateTime | Number | Epoch time of the logged event |
username | null or String | Username of the user who created the event. |
action | String | Audit event action. Values: see the chapter below. |
json | null or Object | Additional data for the event. The structure is dependent on the "action" value. |
[
{
"logger"
:
"BE"
,
"dateTime"
:
1581155429371
,
"action"
:
"LOGIN_SUCCESS"
,
"username"
:
"admin"
,
"json"
:
null
},
{
"logger"
:
"BE"
,
"dateTime"
:
1581193189302
,
"action"
:
"UPDATE_NODE"
,
"username"
:
"admin"
,
"json"
:
null
},
{
"logger"
:
"FE"
,
"dateTime"
:
1583488172967
,
"action"
:
"EXPLORING"
,
"username"
:
"admin"
,
"json"
:{
"serverTimestamp"
:
"2020-03-06T10:49:32.967+01:00"
,
"userLogin"
:
"admin"
,
"ipAddress"
:
"0:0:0:0:0:0:0:1"
,
"eventType"
:
"EXPLORING"
,
"urlPath"
:
"/visualization"
,
"exploringMode"
:
"FINAL_DATA"
,
"exploredNodeIds"
:[
"46152"
,
"46153"
,
"46154"
,
"46155"
]
}
}
]
POST /audit/data/frontend
Graphlytic REST API service for frontend events collecting. Can be used in custom widgets to log specific user behavior.
{
"eventType"
:
"some event type"
,
"urlPath"
:
"..."
,
"userTimestamp"
:
"..."
,
...other event data entered as key:value pairs...
}