Action log data collected

Different levels and types of information are logged when you enable action logs and system monitoring.

Log entries include the following information.
  • The time of the action.
  • The time the server logged the action.
  • The addresses for the server and the computer where the action was performed.
  • The user name who performed the logged action.
  • The category of the action, specifying whether the action originated on the Spotfire Server (such as an admin action) or from a service (such as Automation Services).
  • The logged action, including properties (identifying properties or arguments) specific to the action performed. For example, when a user changes a password, the property uName is logged to indicate the user name. These properties are displayed in the logged entries as id1, id2, and arguments arg1-arg6.
  • Whether the action was completed successfully.
  • The session and service instance unique identifiers.

See Action log entries for more information. See Sample action log output for an example of a typical set of user actions logged to the action logs.

Logs recorded to a database read the action log column names, and then map them to the fields contained in the database to create a database view. For example, when a user changes a password, the text log entry resembles the following.

2017-03-18T09:36:00.381+0100;10.100.32.129;jdoe;2017-03-18T09:36:00,381+0100;10.98.45.189;
admin;change_passwd;true;7583cdc4-a6b8-40d4-88e6-90f5d499ff79

When the log entry is written to the database, it logs a specific view. For an Oracle database, it is defined as the following.

CREATE OR REPLACE VIEW ADMIN_CHANGE_PASSWD AS SELECT 
LOGGED_TIME, 
MACHINE, 
USER_NAME, 
ORIGINAL_TIME, 
ORIGINAL_IP, 
SUCCESS, 
SESSION_ID, 
ID1 AS UNAME FROM ACTIONLOG WHERE LOG_CATEGORY = 'admin' AND LOG_ACTION = 'change_passwd'