Auditing#
Posit Connect records information about changes to the system. These events
can be obtained for auditing purposes. Audited information is available in the
Posit Connect dashboard, by using the auditing
endpoints in the Connect Server
API, using the usermanager
administrative command, or through an additional audit log destination.
Note
The auditing system cannot be disabled and always records changes to the Posit Connect database (even when an optional log file is configured). Database audit entries are maintained indefinitely.
Audited Events#
Recorded events in Connect can be triggered by a user or by the system. Each event may have different data associated. A complete list with all the details can be seen at the events catalog page.
Audit Log Output#
By default, audited events are only recorded in the database. Admin users are able to view audit entries in the dashboard. It is possible to configure an additional output destination such as a file, STDOUT or STDERR. See the audit logs documentation for more detailed information.
The Logging.AuditLog
configuration setting controls whether or not auditing records are sent to
an additional destination.
The Logging.AuditLogFormat
configuration setting defines the format to be used for the additional audit log destination output.
The default format is TEXT
and can also be set as JSON
.
Note
Audit log files contain actions performed through a specific Posit Connect server. In a clustered installation, the auditing files from each server need to be combined.
The Connect dashboard, Server API, and usermanager
tool present all
auditing information, not per-server records.
This configuration example enables JSON audit logging and writes to a different file name:
; /etc/rstudio-connect/rstudio-connect.gcfg
[Logging]
AuditLogFormat = "JSON"
AuditLog = "/var/log/posit-connect.audit.json"
See the audit log format documentation for more details about available formats.
Command-Line Interface#
The usermanager
administration command-line
tool can produce CSV and JSON containing auditing records, and can also filter
by time interval. See the Command-Line interface appendix
for more information about the usermanager
tool.
Unlike regular audit logs, the usermanager
command-line tool only
outputs a limited set of audit fields:
Field | Description |
---|---|
type |
Log type (audit) |
level |
Log level (info , warn , etc) |
action |
The auditable action |
entry_id |
Database entry identifier |
msg |
Context-specific content describing the auditable action |
time |
Timestamp indicating when the log was generated |
user_description |
Description of user |
user_id |
User identifier |