Audit Logging
DPG writes audit logs that record who has accessed the DPG application and what operations they performed within a given period of time. Audit logs can be viewed on the console. They capture details about DPG configuration changes and access events. Access events identify who was responsible for the activity, when and where the activity was performed, and what operations (protect/reveal) were performed.
Format of audit log
Every audit log entry contains the following information:
AUDIT: Audit logs are always enabled for DPG. The "AUDIT:true" field can be used to filter audit logs from the application logs.
Appname: Application to be protected by DPG.
Client_ID: ID of the client registered on an application.
Endpoint: API URL specified in the DPG policy.
Method: HTTP method that defines action to be performed on a resource.
Source_IP: IP of the request origin.
Status: Status of the request.
Token: Name of the token which is processed.
ProtectionPolicy: Protection policy used to protect/reveal the token.
Operation: Operation to be performed (protect or reveal).
Location: Location of the token. Possible options are JSON body, or URL in the case of a query parameter.
AccessPolicy: Access policy associated with the token (only required for the reveal operation).
Transaction Id: A random ID which remains the same for a single request/response.
Type: Determines whether the tokens were processed in the request from the client or the response from the server.
User: The user that sends the request to protect/reveal data.
level: Level of logging to be performed. If there is any error, the level is set to error. For successful execution, the level is set to info.
msg: Any error that occurs at the time of processing tokens is logged here. This field remains blank if there is no error.
pid: Process ID of DPG.
service: Contains the name of service (DPG) along with its version.
time: The time (in UTC format) when a particular action was performed.
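The AUDIT field and the per-entry fields listed above are enough to separate audit entries from application logs and review reveal activity. The following is an added example, not code from DPG or its documentation. It assumes the logs are serialized as one JSON object per line (the serialization is not shown on this page); the _line helper and all sample values are constructed.

```python
import json
from collections import Counter

# Constructed sample data. Field names come from the list above; the JSON-lines
# serialization and every value are assumptions made for this example.
_BASE = {"AUDIT": True, "Appname": "payments", "Client_ID": "client-1",
         "Endpoint": "/api/card", "Method": "POST", "Source_IP": "10.0.0.5",
         "Status": "ok", "Token": "ccn", "ProtectionPolicy": "pp-card",
         "Operation": "protect", "Location": "JSON body", "AccessPolicy": "",
         "Type": "request", "User": "alice", "level": "info", "msg": "",
         "pid": 17, "service": "DPG (example)", "time": "2024-01-01T10:00:01Z"}

def _line(txn, **fields):
    # Hypothetical helper: serialize one constructed audit entry.
    return json.dumps({**_BASE, "Transaction Id": txn, **fields})

_BOB = {"Operation": "reveal", "User": "bob", "Source_IP": "10.0.0.9"}
SAMPLE_LOG = [
    '{"level": "info", "msg": "application log line", "pid": 17}',  # not an audit entry
    "plain text line that is not JSON",
    _line("t-001"),
    _line("t-002", **_BOB),
    _line("t-003", **_BOB, level="error", msg="constructed error", Status="failed"),
    _line("t-004", AUDIT="true", Operation="reveal", User="carol", Source_IP="10.0.0.7"),
]

def audit_entries(lines):
    """Yield entries whose AUDIT field is true; skip application and non-JSON lines."""
    for line in lines:
        try:
            entry = json.loads(line)
        except ValueError:
            continue
        if isinstance(entry, dict) and str(entry.get("AUDIT")).lower() == "true":
            yield entry

def reveal_report(lines):
    """Count reveals per (User, Source_IP) and list reveals logged at level error."""
    reveals, failed = Counter(), []
    for e in audit_entries(lines):
        if e.get("Operation") != "reveal":
            continue
        reveals[(e.get("User"), e.get("Source_IP"))] += 1
        if e.get("level") == "error":
            failed.append((e.get("time"), e.get("User"), e.get("Token"),
                           e.get("Transaction Id"), e.get("msg")))
    return reveals, failed

if __name__ == "__main__":
    print(reveal_report(SAMPLE_LOG))
```

The Transaction Id in each failed entry can be used to pull the matching request and response entries for the same call.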