Audit Logging
Thales Data Protection on Demand (DPoD) collects audit logs for Luna Cloud HSM Services and CDSPaaS. Each audit log records the outcome (status) of an action (action) performed by an actor (actorID) on a resource (resourceID). DPoD applies a default audit log retention policy for all users: every audit log is retained for one year (12 months).
Service Provider Administrators cannot access their tenants' audit logs. Tenant Administrators can access logs for all Luna Cloud HSM Services and CDSPaaS services in their tenant. Application Owners can access logs for the Luna Cloud HSM Services and CDSPaaS services in their subscriber group.
Displaying logs
Tenant administrators and application owners can access audit logs using the DPoD tenant user interface.
- Log in to your DPoD tenant as a tenant administrator or application owner user.
- Select the Logs tab.
- In the Service Name drop-down menu, select the specific service whose logs you want to display, or select All to display logs for all services.
- In the Date Range (UTC) section, select the date range you want to generate logs for and select Apply.

Note
You cannot generate an audit log file larger than 1 GB. If you are unable to generate an audit log file even though your range is within the maximum 31-day polling period, reduce the polling period, or filter by service, to narrow the scope of your audit and generate smaller audit log files.

Tip
If a log file is already displayed, clicking Apply does not update the displayed log. You must Apply a Date Range and then select Display Log to update the displayed log.

- Click Display Log to display the audit log events for the selected Date Range in the tenant user interface.
The tenant user interface displays the audit event data in the log table. For more information about the audit event fields see Common Values and Use case specific values.
You can access additional audit event metadata by clicking the expand button to the left of the event in the log table. The meta section contains additional audit event data specific to the resource.
Downloading logs
Tenant administrators and application owners can download audit logs using the DPoD tenant user interface.
Tip
You can also use the DPoD API to generate audit log files and retrieve signed URLs for downloading them, using the Audit Query API /v1/audit-log-exports endpoint together with a set of Platform Credentials. For more information about using the API to retrieve audit logs, see Generate Audit Log File and Retrieve Audit Log File in Using the APIs.
- Log in to your DPoD tenant as a tenant administrator or application owner user.
- Select the Logs tab.
- In the Service Name drop-down menu, select the specific service whose logs you want to download, or select All to download logs for all services.
- In the Date Range (UTC) section, select the date range you want to generate logs for and select Apply.

Note
You cannot generate an audit log file larger than 1 GB. If you are unable to generate an audit log file even though your range is within the maximum 31-day polling period, reduce the polling period, or filter by service, to narrow the scope of your audit and generate smaller audit log files.

- Click Download Log to generate and download an audit log .zip for the selected Date Range from the tenant user interface. The downloaded log file has the same structure and data as audit logs generated and retrieved using the API.
Audit logs have the following format:
{
  "time": "<logTime>",
  "source": "<logSource>",
  "resourceID": "<logResource>",
  "actorID": "<logActor>",
  "tenantID": "<logTenantId>",
  "action": "<logAction>",
  "status": "<logStatus>",
  "traceID": "<traceID>",
  "meta": { "<logMeta>" }
}
For more information about the audit event fields see Common Values and Use case specific values.
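The record layout above is the only contract an audit consumer needs. The following is an added example, not Thales' own code or a DPoD tool: it parses an export in that layout (one JSON object per line, which is an assumption about the .zip contents), tolerates the RFC 3339 form of the timestamp as well as the "YYYY-MM-DD HH:MM:SS.ffffff UTC" display form, flags actors with repeated non-success outcomes in a short window, and splits a long date range into the 31-day export windows mentioned in the notes above. The sample records, the action names and the "success"/"failure" status strings are constructed for illustration; the real action and status vocabulary is use case specific.

```python
"""Parse DPoD-style audit records and flag bursts of failed actions.

Added example (not Thales' code). Assumes one JSON object per line with the
fields time, source, resourceID, actorID, tenantID, action, status, traceID
and meta. Sample data below is constructed, not a real export.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

REQUIRED_FIELDS = ("time", "source", "resourceID", "actorID", "tenantID",
                   "action", "status", "traceID", "meta")

# Constructed sample export. Action/status values are assumptions for the demo;
# the last line is deliberately malformed to exercise the error path.
SAMPLE_LOG = """\
{"time":"2024-03-01T10:15:42.123456Z","source":"luna-cloud-hsm","resourceID":"svc-0001","actorID":"app-owner-1","tenantID":"tenant-1","action":"createService","status":"success","traceID":"trace-001","meta":{"serviceName":"payments-hsm"}}
{"time":"2024-03-01T10:16:03.000000Z","source":"luna-cloud-hsm","resourceID":"svc-0001","actorID":"app-owner-2","tenantID":"tenant-1","action":"createClient","status":"failure","traceID":"trace-002","meta":{"reason":"not authorized"}}
{"time":"2024-03-01T10:16:09.500000Z","source":"luna-cloud-hsm","resourceID":"svc-0001","actorID":"app-owner-2","tenantID":"tenant-1","action":"createClient","status":"failure","traceID":"trace-003","meta":{"reason":"not authorized"}}
{"time":"2024-03-01T10:16:15.250000Z","source":"luna-cloud-hsm","resourceID":"svc-0001","actorID":"app-owner-2","tenantID":"tenant-1","action":"createClient","status":"failure","traceID":"trace-004","meta":{"reason":"not authorized"}}
{"time":"2024-03-02T08:00:00Z","source":"cdspaas","resourceID":"svc-0002","actorID":"tenant-admin-1","tenantID":"tenant-1","action":"deleteService","status":"success","traceID":"trace-005","meta":{}}
this line is not JSON
"""


def parse_time(value: str) -> datetime:
    """Accept RFC 3339 ("...Z" or an offset) and the "... UTC" display form;
    always return an aware datetime in UTC."""
    v = value.strip()
    if v.endswith(" UTC"):
        v = v[:-4] + "Z"
    if v.endswith("Z"):
        v = v[:-1] + "+00:00"   # fromisoformat() on older Pythons rejects "Z"
    ts = datetime.fromisoformat(v)
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc)


def parse_records(text: str):
    """Parse one JSON object per line. Returns (records, malformed_count);
    a record missing any documented field counts as malformed."""
    records, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if any(field not in rec for field in REQUIRED_FIELDS):
            malformed += 1
            continue
        rec["_ts"] = parse_time(rec["time"])   # parsed copy, original "time" kept
        records.append(rec)
    return records, malformed


def repeated_failures(records, threshold=3, window=timedelta(minutes=5)):
    """Map actorID -> traceIDs for actors with >= threshold non-success
    outcomes inside a sliding window. Treating status != "success" as a
    failure is an assumption made for this demo."""
    by_actor = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["_ts"]):
        if rec["status"] != "success":
            by_actor[rec["actorID"]].append(rec)
    flagged = {}
    for actor, fails in by_actor.items():
        for i in range(len(fails)):
            j = i
            while j < len(fails) and fails[j]["_ts"] - fails[i]["_ts"] <= window:
                j += 1
            if j - i >= threshold:
                flagged[actor] = [r["traceID"] for r in fails[i:j]]
                break
    return flagged


def export_windows(start: datetime, end: datetime, max_days: int = 31):
    """Split [start, end) into consecutive ranges of at most max_days each,
    matching the 31-day maximum per export; pass a smaller max_days to keep
    busy tenants under the 1 GB file limit."""
    windows, cur, step = [], start, timedelta(days=max_days)
    while cur < end:
        nxt = min(cur + step, end)
        windows.append((cur, nxt))
        cur = nxt
    return windows


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE_LOG)
    print(f"{len(recs)} records parsed, {bad} malformed")
    for actor, traces in repeated_failures(recs).items():
        print(f"repeated failures by {actor}: {traces}")
    for a, b in export_windows(parse_time("2024-01-01T00:00:00Z"),
                               parse_time("2024-04-01T00:00:00Z")):
        print(f"export window {a.date()} -> {b.date()}")
```

The traceID list returned for a flagged actor is what you would hand to whoever follows up: it is the identifier DPoD uses to track the event through the audit system, even though it is not shown in the tenant user interface.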
Common values
The following values are common to every DPoD audit log:

Value | Description
---|---
"time" | The time of the action, as an RFC 3339 timestamp. Where the use case records the time to a fraction of a second, DPoD records that fraction in microseconds. The timestamp takes the format <YYYY>-<MM>-<DD> <hour>:<minute>:<second>.<microsecond> UTC.
"tenantID" | The GUID of the tenant that owns the log. The tenantID value is not displayed in the tenant user interface.
"traceID" | A unique identifier for the audit log event, used to track the event throughout the audit system. The traceID value is not displayed in the tenant user interface.
Use case specific values
The source, resourceID, actorID, action, status, and meta values have use case specific descriptions. See the use case specific audit log documentation for more information.