Auditing

Posit Connect records information about changes to the system. These events can be obtained for auditing purposes. Audited information is available in the Posit Connect dashboard, from the Connect Server API auditing endpoints, using the usermanager administrative command, or through an additional audit log destination.

Note

The auditing system cannot be disabled and always records changes to the Posit Connect database (even when an optional log file is configured). Database audit entries are maintained indefinitely.

Audited Events

Recorded events in Connect can be triggered by a user or by the system. Each event may have different data associated. A complete list with all the details can be seen at the events catalog page.

Audit Log Output

By default, audited events are only recorded in the database. Admin users are able to view audit entries in the dashboard. It is possible to configure an additional output destination such as a file, STDOUT, or STDERR. See the audit logs documentation for more detailed information.

The Logging.AuditLog configuration setting controls whether or not auditing records are sent to an additional destination.

The Logging.AuditLogFormat configuration setting defines the format to be used for the additional audit log destination output. The default format is TEXT and can also be set as JSON.

Note

Audit log files contain actions performed through a specific Posit Connect server. In a clustered installation, the auditing files from each server need to be combined.

The Connect dashboard, Server API, and usermanager tool present all auditing information, not per-server records.

This configuration example enables JSON audit logging and writes to a different file name:

; /etc/rstudio-connect/rstudio-connect.gcfg
[Logging]
AuditLogFormat = "JSON"
AuditLog = "/var/log/posit-connect.audit.json"

See the audit log format documentation for more details about available formats.

Command-Line Interface

The usermanager administration command-line tool can produce CSV and JSON containing auditing records, and can also filter by time interval. See the Command-Line interface appendix for more information about the usermanager tool.

Unlike regular audit logs, the usermanager command-line tool only outputs a limited set of audit fields:

Field Description
type Log type (audit)
level Log level (info, warn, etc)
action The auditable action
entry_id Database entry identifier
msg Context-specific content describing the auditable action
time Timestamp indicating when the log was generated
user_description Description of user
user_id User identifier