Format

The audit logs are stored as text files on the server in the folder <Logs>/Audit/<date>.[system].audit.log in the following line format. Not that each line is not a valid JSON object.

[Date and Timestamp]|[JSON OBJECT]

JSON OBJECT

{
	"AuditDateTime":"2017-12-04T12:22:25.3788728+01:00",
	"PerformedBy":"admin@meridix.se",
	"PerformedByIp":"::1",
	"PerformedByContext":"IIS Web Application",
	"AuditType":"Allowed",
	"EntityFullName":null,
	"OperationType":"OpenSpecification",
	"EntityIdentifier":null,
	"EntityStorageId":0,
	"Details":"Specification type: CallSpecificationRecord",
	"ChangedProperties":"",
	"RequestUrl":"/Reports/Specification "
}

Field	Description
AuditDateTime	The time stamp
PerformedBy	The username of the current user
PerformedByIp	The IP number of the client if any
PerformedByContext	Info about the execution context, for example if the operation was performed by the web application, back end service, CLI client etc.
AuditType	Allowed/Denied/Insert/Update/Delete
EntityFullName	The full name of the entity type associated if any. e.g. Meridix.Studio.Common.MeasurementObject
OperationType	The type of operation that generated the audit log E.g. ReportExecution OpenSpecification MeasurementObject (name of the object affected should be combined with the audit type e.g. MeasurementObject Updated etc.)
EntityIdentifier	The domain id of the entity (e.g. user/object) related to the audit log. This field ties an operation to a actual user/object/customer etc.
EntityStorageId	The database id of the entity (e.g. user/object) related to the audit log. This field ties an operation to a actual user/object/customer etc.
Details	Custom unstructured message that contains information about the operation e.g. what measurement objects that was included in a report etc.
ChangedProperties	List updated propertied including pre and post values. Format Value:[OldValue=>NewValue]; Multiple values delimited with ; Example Description:[Lars=>Lars W]
RequestUrl	The URL of the request that resulted in the audit log if any. For example if a operation is executed when a user is on the start page the value would be /Start etc. Allows simple tracking of what pages an user used to set the application in a given state. Can be empty/null.

Example

2017-12-04 12:22:18.3443|{"AuditDateTime":"2017-12-04T12:22:18.3443557+01:00","PerformedBy":"admin@meridix.se","PerformedByIp":"","PerformedByContext":"IIS Web Application","AuditType":"Allowed","EntityFullName":null,"OperationType":"ReportExecution","EntityIdentifier":null,"EntityStorageId":0,"Details":"Created a 'BcsUserId' report for the period '2017-11-27 00:00:00Z'->'2017-12-04 00:00:00Z' on 'johan.wendelstam@480'","ChangedProperties":null,"RequestUrl":""}

2017-12-04 12:22:25.3643|{"AuditDateTime":"2017-12-04T12:22:25.3788728+01:00","PerformedBy":"admin@meridix.se","PerformedByIp":"::1","PerformedByContext":"IIS Web Application","AuditType":"Allowed","EntityFullName":null,"OperationType":"OpenSpecification","EntityIdentifier":null,"EntityStorageId":0,"Details":"Specification type: CallSpecificationRecord","ChangedProperties":null,"RequestUrl":"/Reports/Specification?ref=%2fReports%2fAdvanced%3fmc%3dTelepoBcs%26m%3dBcsCdrV2%26bfm%3dtrue&stn=Meridix.Studio.Common.CallSpecificationRecord"}

2017-12-06 07:56:51.0661|{"AuditDateTime":"2017-12-06T07:56:51.0711703+01:00","PerformedBy":"admin@meridix.se","PerformedByIp":"::1","PerformedByContext":"IIS Web Application","AuditType":"Update","EntityFullName":"Meridix.Studio.Common.MeasurementObject","OperationType":"MeasurementObject","EntityIdentifier":"lars.wendelstam@480#Meridix.se","EntityStorageId":209331,"Details":null,"ChangedProperties":"Description:[Lars=>Lars W]","RequestUrl":"/Admin/Subscribers"}

Browser not supported