Auditing

Posit Connect records information about changes to the system. These events can be obtained for auditing purposes. Audited information is available in the Posit Connect dashboard, through the auditing endpoints in the Connect Server API, through the usermanager administrative command, or in an optional log file.

Note

The auditing system cannot be disabled and always records changes to the Posit Connect database (even when an optional log file is configured). Database audit entries are maintained indefinitely.

Audited Events

Recorded events in Connect can be triggered by a user or by the system. Each event may have different data associated. A complete list with all the details can be seen at the events catalog page.

Audit Log File

Audited events can be optionally written to a file. See the audit logs documentation for more detailed information.

The Logging.AuditLogFormat configuration setting controls whether or not auditing records are written to disk. By default, Logging.AuditLogFormat has the value none, which indicates that auditing information is not written to disk.

Setting Logging.AuditLogFormat to TEXT or JSON will write to the file named by the Logging.AuditLog option.

By default, Logging.AuditLog writes to /var/log/rstudio/rstudio-connect/rstudio-connect.audit.log. The Logging.AuditLog file is created only when the Logging.AuditLogFormat permits on-disk logging.

Note

Audit log files contain actions performed through a specific Posit Connect server. In a clustered installation, the auditing files from each server need to be combined.

The Connect dashboard, Server API, and usermanager tool present all auditing information, not per-server records.

This configuration example enables JSON audit logging and writes to a different file name:

; /etc/rstudio-connect/rstudio-connect.gcfg
[Logging]
AuditLogFormat = "JSON"
AuditLog = "/var/log/posit-connect.audit.json"

See the audit log format documentation for more details about available formats.
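
The note above says that in a clustered installation the per-server audit files need to be combined. The following is an added example, not Posit's code, of one way to merge JSON-format files into a single timeline. It assumes one JSON object per line with an ISO 8601 time field; the server names, action names and sample lines are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample input (not real Connect output): two nodes' audit files,
# assumed to hold one JSON object per line with an ISO 8601 "time" field.
# Action names and values are placeholders, not taken from the events catalog.
NODE_LOGS = {
    "connect-a": [
        '{"type":"audit","action":"action_x","entry_id":101,"time":"2024-05-01T10:00:05Z"}',
        '{"type":"audit","action":"action_y","entry_id":104,"time":"2024-05-01T10:02:00Z"}',
        '{"type":"audit","action":"acti',  # truncated write
    ],
    "connect-b": [
        # Local offset: 12:00:03+02:00 is 10:00:03 UTC, the earliest event.
        '{"type":"audit","action":"action_z","entry_id":102,"time":"2024-05-01T12:00:03+02:00"}',
        '{"type":"audit","action":"action_x","entry_id":103,"time":"2024-05-01T10:01:30Z"}',
    ],
}


def parse_time(value):
    """Parse an ISO 8601 timestamp and normalize it to UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive stamps are UTC
    return ts.astimezone(timezone.utc)


def merge_audit_logs(node_logs):
    """Return (events, rejects); events are time-ordered and tagged by server."""
    stamped, rejects = [], []
    for server, lines in node_logs.items():
        for lineno, line in enumerate(lines, 1):
            if not line.strip():
                continue
            try:
                record = json.loads(line)
                ts = parse_time(record["time"])
            except (ValueError, KeyError, TypeError, AttributeError):
                rejects.append((server, lineno))  # report for follow-up, never drop silently
                continue
            record["server"] = server  # remember which node wrote the entry
            stamped.append((ts, record))
    stamped.sort(key=lambda pair: pair[0])  # stable: ties keep per-server order
    return [record for _, record in stamped], rejects


if __name__ == "__main__":
    events, rejects = merge_audit_logs(NODE_LOGS)
    for e in events:
        print(e["time"], e["server"], e["entry_id"], e["action"])
    print("unparsed lines:", rejects)
```

To run it on real files, pass open file handles as the dictionary values, one per server's copy of the file named by Logging.AuditLog.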

Command-Line Interface

The usermanager administration command-line tool can produce CSV and JSON containing auditing records, and can also filter by time interval. See the Command-Line interface appendix for more information about the usermanager tool.

Unlike regular audit logs, the usermanager command-line tool only outputs a limited set of audit fields:

| Field | Description |
|---|---|
| type | Log type (audit) |
| level | Log level (info, warn, etc.) |
| action | The auditable action |
| entry_id | Database entry identifier |
| msg | Context-specific content describing the auditable action |
| time | Timestamp indicating when the log was generated |
| user_description | Description of user |
| user_id | User identifier |