Auditing
Posit Connect records information about changes to the system. These events can be obtained for auditing purposes. Audited information is available in the Posit Connect dashboard, from the Connect Server API auditing endpoints, using the usermanager
administrative command, or through an additional audit log destination.
The auditing system cannot be disabled and always records changes to the Posit Connect database (even when an optional log file is configured). Database audit entries are maintained indefinitely.
Audited Events
Recorded events in Connect can be triggered by a user or by the system. Each event may have different data associated. A complete list with all the details can be seen at the events catalog page.
Audit Log Output
By default, audited events are only recorded in the database. Admin users are able to view audit entries in the dashboard. It is possible to configure an additional output destination such as a file, STDOUT, or STDERR. See the audit logs documentation for more detailed information.
The Logging.AuditLog
configuration setting controls whether or not auditing records are sent to an additional destination.
The Logging.AuditLogFormat
configuration setting defines the format to be used for the additional audit log destination output. The default format is TEXT
and can also be set as JSON
.
Audit log files contain actions performed through a specific Posit Connect server. In a clustered installation, the auditing files from each server need to be combined.
The Connect dashboard, Server API, and usermanager
tool present all auditing information, not per-server records.
This configuration example enables JSON audit logging and writes to a different file name:
; /etc/rstudio-connect/rstudio-connect.gcfg
[Logging]
AuditLogFormat = "JSON"
AuditLog = "/var/log/posit-connect.audit.json"
See the audit log format documentation for more details about available formats.
Command-Line Interface
The usermanager
administration command-line tool can produce CSV and JSON containing auditing records, and can also filter by time interval. See the Command-Line interface appendix for more information about the usermanager
tool.
Unlike regular audit logs, the usermanager
command-line tool only outputs a limited set of audit fields:
Field | Description |
---|---|
type |
Log type (audit) |
level |
Log level (info , warn , etc) |
action |
The auditable action |
entry_id |
Database entry identifier |
msg |
Context-specific content describing the auditable action |
time |
Timestamp indicating when the log was generated |
user_description |
Description of user |
user_id |
User identifier |