Discussion (12)5
Log in or sign up to continue

Hi Dmitrij,

Is the documentation here and here helpful for answering your question? If not, could you please elaborate on what you are trying to do or find out?

I see that you tagged this as being about IRIS BI, but the kind of audit events with an Event Source, as discussed at the links above, are separate from the IRIS BI auditing options that you can read about here. If you have questions about IRIS BI auditing, please let me know.

Hi! 

Thanks for your answer. I've read the docs through out couple times to find the explanation but did not find any. I'll try to express my self more crystal

Suppose i have some myUI app in my IRIS instance. This myUI using DeepSee REST API to get the data. I need to get track of any activity on that UI at any time (in general when a user requests the data)

What should i need as the audit source? 

myUI? Some endpoint from API? Some class executing by this endpoint?

Documentation says:
"Event Source*

The component of the InterSystems IRIS instance that is the source of the event. For InterSystems IRIS events, this is “%System” or “%Ensemble”. For user-defined events, the name can be any string that includes alphanumeric characters or punctuation, except for colons and commas; it can begin with any of these characters except for the percent sign. This can be up to 64 bytes."

Ok, what string? How any random string can be serve as audit source? Same for the audit type 

I get that the string represents my app or part of it, but how that will track actions from myUI?

Audit does not happen automatically. For some record to appear in the Audit log you need to call the following method:

Do $SYSTEM.Security.Audit(EventSource,EventType,Event,EventData,Description)

So in order for the REST-calls of the REST API to be audited you need to add the call above in the REST API

EventSource in this case is anything you specify when calling the Audit() method. Later, in the Audit Database UI you can filter by this EventSource

https://docs.intersystems.com/iris20242/csp/docbook/DocBook.UI.Page.cls?...

As others in this thread have said, custom audit events from applications are added to the Audit Log using a call to $system.Security.Audit(). The events must be defined ahead of time in the Portal, using Configure User Events. All events (system and custom) have a 3-part name: Source, Type, and Name. I think of these parts as Main Category, Subcategory, and Name.

The person(s) defining the custom events can choose all 3 parts of the name, in order to categorize all the custom events they're defining. So you could use Source = ABC, Type = DEF, and Name = XYZ. The names are totally up to you. Once defined, the event gets added by some code calling $system.Security.Audit("ABC", "DEF", "XYZ").