Audit

Daria Barysheva

The Audit page in the ADB Control web interface is designed to display statistics on ADB relation accesses (in clusters used for monitoring), as well as information on user authorizations and other operations in ADB Control. This page includes three tabs, each of which is described in detail below.

adbc audit common dark
The Audit page
adbc audit common light
The Audit page

Relations

List of relations

The Relations tab on the Audit page displays the number of user accesses to relations of databases located in ADB clusters that are used for monitoring. You can view data for the current date, week, or month.

adbc audit relations dark
The Relations tab
adbc audit relations light
The Relations tab

On the tab, there is a table with the following information.

The "Relations" tab fields
Field Description

Database

A database name

Schema

A schema name

Relation

A relation name

Times accessed

A number of accesses to the specified relation for the time period that is defined in the Select time period filter

Last accessed

A timestamp of the last access to the specified relation in the DD/MM/YYYY HH:mm:ss format

Above the table with a list of relations, there are filters that you can use to select specific data. Available filters are listed below:

  • Cluster — filter by the cluster name. Select a value from the drop-down list.

  • Time range — filter by the last access time (see Last accessed above). Select one of the following values:

    • Last day — current day;

    • Last week — current week;

    • Last month — current month.

adbc audit relations2 dark
Filters on the Relations tab
adbc audit relations2 light
Filters on the Relations tab

In the column headers of the table with a list of relations, there are filters that you can use to select specific data. To open a filter, click the openside dark openside light icon. For those columns where the set of possible values is limited (e.g. Database), you can select a value from the drop-down list. For some columns (e.g. Schema), the search value should be entered.

The filtered dark filtered light icon means that a filter is defined for the column. To reset all filters, click Reset.

Relation audit details

To view audit details for the specific relation, you can click the row corresponding to that relation in the table listed above.

IMPORTANT

The ability to view the relation audit details is available for ADB Control users with appropriate permissions (see View secured relation audit in the Authorization article).
adbc audit relation modal1 dark
Switch to the relation audit details
adbc audit relation modal1 light
Switch to the relation audit details

The window that opens, includes two tabs:

  • Times accessed — general statistics of accesses to the relation over the entire observation period for all users.

  • Security audit —  statistics of accesses to the relation in the context of ADB users over the time range that is selected in the Select time period filter.

adbc audit relation modal2 dark
Modal window with audit details
adbc audit relation modal2 light
Modal window with audit details
The "Times accessed" section fields
Field Description

Today

A total number of accesses to the specified relation for the current day

This week

A total number of accesses to the specified relation for the current week

This month

A total number of accesses to the specified relation for the current month

Last access

A timestamp of the last access to the specified relation in the DD/MM/YYYY HH:mm:ss format
The "Security audit" tab
Field Description

User

A name of the user who accessed the relation during the selected time period

Times accessed

A number of user accesses to the relation over the selected time period

Last accessed

A timestamp of the last user access to the relation in the DD/MM/YYYY HH:mm:ss format

Total accessed

A total number of user accesses to the relation over the entire observation period

Above the table in the Security audit section, there are filters that you can use to select specific data. Available filters are listed below:

  • Search user…​ — filter by the user name (see User above). Enter a full value.

  • Select time period — filter by the last access time of the specific user to the relation (see Last accessed above). Select one of the following values:

    • day — current day;

    • week — current week;

    • month — current month.

At the top of the Security audit section, the To commands history link is located. You can click it to to view the history of SQL commands for the selected relation on the Monitoring → Commands → History page. The Relation and Schema filters are filled in on the history page automatically.

adbc audit relation modal3 dark
History of commands for the selected relation
adbc audit relation modal3 light
History of commands for the selected relation

Operations

The Operations tab on the Audit page displays a list of operations launched by ADB Control users during the specified time period. Current day data is displayed by default.

adbc audit operations dark
The Operations tab
adbc audit operations light
The Operations tab

On the tab, there is a table with the following information.

The "Operations" tab fields
Field Description

Object name

An object name

Object type

A type of the object on which the operation has been performed. Possible values:

Operation type

A type of the operation that has been applied to the Object name object. Possible values:

  • Cancel

  • Create

  • Delete

  • Resource group change

  • Terminate

  • Update

  • Archive

  • Activate

Result

An operation result. Possible values:

  • Success

  • Failed

  • Denied

Operation time

An operation end timestamp in the DD/MM/YYYY HH:mm:ss format

Username

A name of the user who performed the operation

Session

An identifier of the ADB Control user session where the operation was initiated

Host

IP address of the host from which the operation was initiated

The first table column Object name contains the error dark error light button. When you click this button, under the current table row a block appears with a list of object parameters that were modified during the current operation.

adbc audit operations2 dark
List of modified parameters
adbc audit operations2 light
List of modified parameters

In the column headers of the table with a list of operations, there are filters that you can use to select specific data. To open a filter, click the openside dark openside light icon. For those columns where the set of possible values is limited (e.g. Object type), you can select a value from the drop-down list. For some columns (e.g. Object name), the search value should be entered. For columns that show date and time (e.g. Operation time), the time range can be selected from the calendar.

The filtered dark filtered light icon means that a filter is defined for the column. To reset all filters, click Reset.

Authorizations

The Authorizations tab on the Audit page displays a list of ADB Control user authorizations for the selected time period. It displays both successful and failed login attempts. Additionally, you can see there failed authorizations in ADB. Current day data is displayed by default.

adbc audit authorizations dark
The Authorizations tab
adbc audit authorizations light
The Authorizations tab

On the tab, there is a table with the following information.

The "Authorizations" tab fields
Field Description

Operation time

An event timestamp in the DD/MM/YYYY HH:mm:ss format

Username

A user name

Session

A unique session identifier

Message

An error message. For example, the following message indicates incorrect credentials: Bad credentials, 4 attempts left

Auth type

An authorization type:

  • ADCC — ADB Control login attempt via basic authentication;

  • ADCC LDAP — ADB Control login attempt via LDAP authentication;

  • ADB — failed ADB login attempt;

  • ADB LDAP — failed ADB login attempt via LDAP authentication.

Type

An event type. Possible values:

  • Auth

  • Logout

  • Session expired

Result

An event result. Possible values:

  • Success

  • Failed

Host

IP address of the host from which the event was initiated. This column becomes visible after table customization

Session Time

A start timestamp of the session (within which the current event took place) in the DD/MM/YYYY HH:mm:ss format. This column becomes visible after table customization

If necessary, you can add columns to the table. To do this, click Customize table and select column names in the section that opens. Currently you can add the Host and Session Time columns (see column descriptions above).

adbc audit authorizations4 dark
Table customization
adbc audit authorizations4 light
Table customization

In the column headers of the table with a list of authorization events, there are filters that you can use to select specific data. To open a filter, click the openside dark openside light icon. For those columns where the set of possible values is limited (e.g. Auth type), you can select a value from the drop-down list. For some columns (e.g. Username), the search value should be entered. For columns that show date and time (e.g. Operation time), the time range can be selected from the calendar.

The filtered dark filtered light icon means that a filter is defined for the column. To reset all filters, click Reset.

Found a mistake? Seleсt text and press Ctrl+Enter to report it