Summary: how to configure the audit trail.

Introduction

Out of the box in ≥ 2.0.0, CAST Imaging is configured automatically to log user actions via an audit trail feature. In previous releases, the audit trail is disabled out of the box and will need manually enabling (see below). Audit trail log files are located here:

Microsoft Windows traditional installer:
%PROGRAMFILES%\CAST\ImagingSystem\logs\audit-trail.log

Docker Installer extension:
logs\audit-trail.log

What is logged in the audit trail?

Any of the following GET/PUT/DELETE API actions are logged in the audit trail log:

  • application upload
  • application access
  • application import
  • save actions (e.g. save view)
  • export (e.g object export)
  • delete  (e.g. delete view)
  • domain (tenant manipulation)

Audit trail archiving rules

The following rules are applied to the audit-trail.log file:

Max size before archive in a ZIP (new file created)50MB
Max number of archived files (oldest are automatically removed)30
Max age (days) of archived files (oldest are removed)28

Enable/disable the audit trail

To enable or disable the audit trail, open and edit the following files:

Microsoft Windows traditional installer ≥ 2.17
%APPDATA%\CAST\ImagingSystem\imagingservice\imagingservice.json
%APPDATA%\CAST\ImagingSystem\imagingservice\imagingetl.json

Microsoft Windows traditional installer ≤ 2.16
%APPDATA%\CAST\ImagingSystem\imagingservice\imagingetl.bat
%APPDATA%\CAST\ImagingSystem\imagingservice\imagingservice.bat

Docker Installer extension (located in the folder created when unzipping the extension):
server\app.config
etl\app.config

Microsoft Windows via traditional installer

These files are located in the protected %APPDATA% location, therefore you must open the file with elevated permission (this is usually achieved by right clicking your text editor in the Windows start menu and selecting Run as administrator):

Linux

You may need to use elevated permissions to edit these files (for example use sudo).

Alter the AUDIT_TRAIL flag and set it to true (enabled) or false (disabled) depending on your requirements and then save each file. If the AUDIT_TRAIL entry is not present in the files, then the audit trail will be disabled - if you need to enable it, please add the entry as shown below. The examples below show the audit trail set to true (enabled):

Microsoft Windows traditional installer ≥ 2.17
{
    "PORT": "9001",
    "NEO4J_BOLT_ENDPOINT": "127.0.0.1:7687",
    "NEO4J_USERNAME": "neo4j",
    "NEO4J_PASSWORD": "imaging",
    "NEO4J_IMPORT_PATH": "C:\\ProgramData\\CAST\\ImagingSystem\\Neo4j_data\\import",
    "NEO4J_ARCHIVE_PATH": "C:\\ProgramData\\CAST\\ImagingSystem\\Neo4j_data\\import\\archive",
    "NEO4J_IMPORT_BATCH_SIZE": "1000",
    "TOKEN": "D5ED6A406775FC71B8D2A978883E8ED4",
    "LOG_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\logs\\",
    "LOG_LEVEL": "info",
    "AUDIT_TRAIL": true,
    "WEB_SERVICE_LINKER_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\web-service-linker",
    "ETL_AUTOMATION_BINARY_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\imagingetl",
    "CUSTOM_LEVELX": "C:\\Program Files\\CAST\\ImagingSystem\\imagingservice\\custom-levels.json",
    "HTTP_ENDPOINT": "http://127.0.0.1:8084"
}

imagingservice.json

{
    "APP_CONFIG": "C:\\Users\\<user>\\AppData\\Roaming\\CAST\\ImagingSystem\\imagingservice\\app-config.json",
    "PORT": "9000",
    "NEO4J_USERNAME": "neo4j",
    "NEO4J_PASSWORD": "imaging",
    "NEO4J_BOLT_ENDPOINT": "127.0.0.1:7687",
    "NEO4J_IMPORT_PATH": "C:\\ProgramData\\CAST\\ImagingSystem\\Neo4j_data\\import",
    "TOKEN": "D5ED6A406775FC71B8D2A978883E8ED4",
    "LOG_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\logs\\",
    "LOG_LEVEL": "info",
    "AUDIT_TRAIL": true,
    "LOGGER_TIMEOUT": 60
}
Microsoft Windows traditional installer ≤ 2.16

imagingetl.bat

@echo off
SetLocal EnableDelayedExpansion
for %%a in (%0) do set CMDDIR=%%~dpa
@set PATH=C:\Program Files\CAST\ImagingSystem\jdk\bin;%PATH%

imagingetl.exe 	-PORT=9001 ^
				-NEO4J_BOLT_ENDPOINT=127.0.0.1:7687 ^
				-NEO4J_USERNAME="neo4j" ^
				-NEO4J_PASSWORD="imaging" ^
				-NEO4J_IMPORT_PATH="C:\Program Files\CAST\ImagingSystem/neo4j/import/" ^
				-NEO4J_ARCHIVE_PATH="C:\Program Files\CAST\ImagingSystem/neo4j/import/archive/" ^
				-NEO4J_IMPORT_BATCH_SIZE=1000 ^
				-TOKEN "D5ED6A406775FC71B8D2A978883E8ED4" ^
				-LOG_PATH="C:\Program Files\CAST\ImagingSystem/logs/" ^
				-LOG_LEVEL=info ^
				-AUDIT_TRAIL=true
if errorlevel 1 exit /b 1
exit /b 0

imagingservice.bat

@echo off
SetLocal EnableDelayedExpansion
for %%a in (%0) do set CMDDIR=%%~dpa
@set PATH=C:\Program Files\CAST\ImagingSystem\jdk\bin;%PATH%

imagingservice.exe 	-APP_CONFIG "C:\Users\James\AppData\Roaming\CAST\ImagingSystem\imagingservice/app-config.json" ^
					-PORT 9000 ^
					-NEO4J_USERNAME "neo4j" ^
					-NEO4J_PASSWORD "imaging" ^
					-NEO4J_BOLT_ENDPOINT "127.0.0.1:7687" ^
					-NEO4J_IMPORT_PATH "C:\Program Files\CAST\ImagingSystem/neo4j/import/" ^
					-TOKEN "D5ED6A406775FC71B8D2A978883E8ED4" ^
					-LOG_PATH="C:\Program Files\CAST\ImagingSystem/logs/" ^
					-LOG_LEVEL=info ^
					-AUDIT_TRAIL=true
if errorlevel 1 exit /b 1
exit /b 0
Docker for Linux/Windows

server/app.config

{
    "PORT": "9000",
    "NEO4J_USERNAME": "neo4j",
    "NEO4J_PASSWORD": "imaging",
    "NEO4J_BOLT_ENDPOINT": "neo4j:7687",
    "ETL_ENDPOINT": "etl:9001",
    "TOKEN": "__my_token__",
    "NEO4J_IMPORT_PATH": "/opt/imaging/imaging-service/upload/",
    "LOG_PATH": "/opt/imaging/imaging-service/logs/",
    "LOG_LEVEL": "debug",
	"AUDIT_TRAIL": true,
    "APP_CONFIG": "app-config.json"
}

etl/app.config

{
"PORT": "9001",
"NEO4J_BOLT_ENDPOINT": "neo4j:7687",
"NEO4J_USERNAME": "neo4j",
"NEO4J_PASSWORD": "imaging",
"TOKEN": "__my_token__",
"NEO4J_IMPORT_PATH": "/opt/imaging/imaging-etl/upload/",
"NEO4J_ARCHIVE_PATH": "/opt/imaging/imaging-etl/upload/archive/",
"NEO4J_IMPORT_BATCH_SIZE": "1000",
"LOG_PATH": "/opt/imaging/imaging-etl/logs/",
"LOG_LEVEL": "debug",
"AUDIT_TRAIL": true
}

Applying the changes

Restart all CAST Imaging services to apply the changes.