Audit Logging
DPG writes audit logs that record who has accessed the DPG application and what operations they performed within a given period of time. Audit logs can be viewed on the console. They capture details about DPG configuration changes and access events. Access events identify who was responsible for the activity, when and where the activity was performed, and what operations (protect/reveal) were performed.
Format of audit log
{
    "AUDIT": true,
    "AppName": "test",
    "Client_Id": "e611eb8e-2463-4040-8fe5-eb1243294ae4",
    "Endpoint": "/api/sample/resource/123",
    "Method": "POST",
    "Source_Ip": "127.0.0.1",
    "Status": "FAIL",
    "Tokens": [
        {
            "Token": "point",
            "ProtectionPolicy": "url",
            "ProtectionPolicy_Version": 1,
            "Operation": "Protect",
            "AccessPolicy": "N/A",
            "Location": "url",
            "Status": "SUCCESS"
        },
        {
            "Token": "CreditCard.[*].CCNumber",
            "ProtectionPolicy": "CCN",
            "ProtectionPolicy_Version": 1,
            "Operation": "Protect",
            "AccessPolicy": "N/A",
            "Location": "json",
            "Status": "SUCCESS"
        },
        {
            "Token": "CreditCard.[*].CVV",
            "ProtectionPolicy": "CVV",
            "ProtectionPolicy_Version": 1,
            "Operation": "Protect",
            "AccessPolicy": "N/A",
            "Location": "json",
            "Status": "FAIL"
        }
    ],
    "Transaction_Id": "dcc91429-101c-42b8-9f67-102725a77004",
    "Type": "Request",
    "User": "user1",
    "level": "error",
    "msg": "Generic local cryptography error",
    "pid": 7763,
    "service": "DPG1.2.0",
    "time": "Thu, 20 Oct 2022 14:44:03 +0000"
}
Every audit log entry contains the following information:
AUDIT: Audit logs are always enabled for DPG. The "AUDIT:true" field can be used to filter audit logs from the application logs.
AppName: Application to be protected by DPG.
Client_Id: ID of the client registered on an application.
Endpoint: API URL specified in the DPG policy.
Method: HTTP method that defines action to be performed on a resource.
Source_Ip: IP of the request origin.
Status: Status of the request.
Token: Name of the token which is processed.
ProtectionPolicy: Protection policy used to protect/reveal the token.
Operation: Operation to be performed (protect or reveal).
Location: Location of the token. Possible options are the JSON body, or the URL in the case of a query parameter.
AccessPolicy: Access policy associated with token (only required for reveal operation).
Transaction_Id: A random ID that remains the same for a single request/response.
Type: Determines whether the tokens were processed in request from client or response from server.
User: The user that sends the request to protect/reveal data.
level: Level of logging to be performed. If there is any error, the level is set to error. For successful execution, the level is set to info.
msg: Any error that occurs at the time of processing tokens is logged here. This field remains blank if there is no error.
pid: Process ID of DPG.
service: Contains the name of service (DPG) along with its version.
time: The time (in UTC format) when a particular action was performed.
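The following is an added example, not part of the DPG product or its documentation: it separates audit entries from application logs using the AUDIT field and reports which tokens failed, for whom and from where. It assumes the logs arrive as one JSON object per line; the sample lines are constructed from the format shown above.

```python
import json
from email.utils import parsedate_to_datetime

# Constructed sample: assumes one JSON object per line, audit and application logs mixed.
SAMPLE_LINES = [
    '{"level": "info", "msg": "listener started", "pid": 7763}',
    '{"AUDIT": true, "Source_Ip": "127.0.0.1", "Status": "FAIL", "Tokens": ['
    '{"Token": "CreditCard.[*].CCNumber", "Operation": "Protect", "Status": "SUCCESS"}, '
    '{"Token": "CreditCard.[*].CVV", "Operation": "Protect", "Status": "FAIL"}], '
    '"Transaction_Id": "dcc91429-101c-42b8-9f67-102725a77004", "Type": "Request", '
    '"User": "user1", "level": "error", "msg": "Generic local cryptography error", '
    '"time": "Thu, 20 Oct 2022 14:44:03 +0000"}',
    'plain-text line that is not JSON',
    '{"AUDIT": true, "Source_Ip": "127.0.0.1", "Status": "SUCCESS", "Tokens": ['
    '{"Token": "CreditCard.[*].CCNumber", "Operation": "Reveal", "Status": "SUCCESS"}], '
    '"Transaction_Id": "00000000-0000-0000-0000-000000000001", "Type": "Response", '
    '"User": "user2", "level": "info", "msg": "", '
    '"time": "Thu, 20 Oct 2022 14:45:10 +0000"}',
]


def failed_audit_events(lines):
    """Summarize audit entries where the request or any single token failed."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # not JSON, so not an audit entry
        if not isinstance(entry, dict) or entry.get("AUDIT") is not True:
            continue  # application log without the AUDIT marker
        failed = [t.get("Token") for t in entry.get("Tokens", [])
                  if t.get("Status") == "FAIL"]
        if entry.get("Status") != "FAIL" and not failed:
            continue  # fully successful request or response
        findings.append({
            "time": parsedate_to_datetime(entry["time"]).isoformat(),
            "user": entry.get("User"),
            "source_ip": entry.get("Source_Ip"),
            "transaction_id": entry.get("Transaction_Id"),
            "type": entry.get("Type"),
            "failed_tokens": failed,
            "msg": entry.get("msg", ""),
        })
    return findings


if __name__ == "__main__":
    for finding in failed_audit_events(SAMPLE_LINES):
        print(json.dumps(finding))
```

Because Transaction_Id stays the same for a single request/response, it can be used to join a Request finding with its Response entry.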