Article
Yuri Marx · Nov 28, 2021 3m read

Leveraging the Audit database

The InterSystems IRIS has a great audit system. It is responsible for auditing system events, but you can use it to audit your applications (great feature).

The audit system is based into event concept. The events can occur with IRIS or in an application. So, we have two type of events to the audit system:

1. System events: events occured into the InterSystems IRIS components (database, interoperability, analytics and core);

2. User events: event occured into user/business (your) applications, with the user event types created(mapped) by you in the Management Portal > System > Security Management > User Events.

To see events registered by IRIS components, Go to System Administration > Security > Auditing > Configure System Events. The System events begin with % char + IRIS module (eg. %Ensemble/%Production/StartStop, %System/%Login/Login). If you click Change Status, you can enable or disable the system event type.

To see event registed by business applications (your apps), Go to System Administration > Security > Auditing > Configure User Events. You need to model/register your application event types. The % char at the begin of audit name is reserved to the system audit events.

All audit records are stored into Security.Events persitent Class/SQL table. The audit event name has 3 fields:

1. Source: source of the event (application or module name);

2. Type: type of the event (type of data or type of feature);

3. Event: name of the event (a business name, the means/description of the event).

To query or to see a report with audit records, go into System Administration > Security > Auditing > View Audit Database. See:

In the article I will show to you how to do user audit events inside your application, using a REST application as an example. The sample application to see user audit events is: https://openexchange.intersystems.com/package/Audit-Mediator.

Do this steps for the sample audit application:

1. Clone the project

$ git clone git@github.com:yurimarx/iris-api-audit-mediator.git

2. Build and up the project source code

$ docker-compose up -d --build

3. Go to Management Portal -> System Administration -> Security -> Auditing -> Configure User Events
4. Press button Create New Event
5. Set Event Source: RESTAPI
6. Set Event Type: Request
7. Set Event Name: RESTAPI
8. Press Save
9. Populate yout Person app with data, call the endpoint http://localhost:52773/crud/persons/populate
10. Now, call http://localhost:52773/crud/persons/all, or any other endpoint
11. This request will be registered into Audit database
12. Now Go to Management Portal -> System Administration -> Security -> Auditing -> View Auditing Database
13. Looking for rows with Event Source RESTAPI and Event Type Request and click Detail to see audit record details. See:

14. Click in the Details and see:

The source code responsible to register the user audit event is:

  SET tSC = $$$OK
 
  TRY {
   
    Set tSC = $SYSTEM.Security.Audit("RESTAPI","Request", "RESTAPI","URL: "_pUrl_". Method: "_pMethod_".","REST API request")
     
  } CATCH ex {
    SET tSC = ex.AsStatus()
  }

So, is very easy to do audit, you must use $SYSTEM.Security.Audit() class method. See more details into: https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls?KEY=AAUDIT.

2
1 361
Discussion (4)0
Log in or sign up to continue

Thanks for this excellent explanation of this feature