Introduction
Out of the box in ≥ 2.0.0, CAST Imaging is configured automatically to log user actions via an audit trail feature. In previous releases, the audit trail is disabled out of the box and will need manually enabling (see below). Audit trail log files are located here:
Microsoft Windows traditional installer: %PROGRAMFILES%\CAST\ImagingSystem\logs\audit-trail.log Docker Installer extension: logs\audit-trail.log
What is logged in the audit trail?
Any of the following GET/PUT/DELETE API actions are logged in the audit trail log:
- application upload
- application access
- application import
- save actions (e.g. save view)
- export (e.g object export)
- delete (e.g. delete view)
- domain (tenant manipulation)
Audit trail archiving rules
The following rules are applied to the audit-trail.log file:
| Max size before archive in a ZIP (new file created) | 50MB |
|---|---|
| Max number of archived files (oldest are automatically removed) | 30 |
| Max age (days) of archived files (oldest are removed) | 28 |
Enable/disable the audit trail
To enable or disable the audit trail, open and edit the following files:
Microsoft Windows traditional installer ≥ 2.17 %APPDATA%\CAST\ImagingSystem\imagingservice\imagingservice.json %APPDATA%\CAST\ImagingSystem\imagingservice\imagingetl.json Microsoft Windows traditional installer ≤ 2.16 %APPDATA%\CAST\ImagingSystem\imagingservice\imagingetl.bat %APPDATA%\CAST\ImagingSystem\imagingservice\imagingservice.bat Docker Installer extension (located in the folder created when unzipping the extension): server\app.config etl\app.config
Microsoft Windows via traditional installer
These files are located in the protected %APPDATA% location, therefore you must open the file with elevated permission (this is usually achieved by right clicking your text editor in the Windows start menu and selecting Run as administrator):
Linux
You may need to use elevated permissions to edit these files (for example use sudo).
Alter the AUDIT_TRAIL flag and set it to true (enabled) or false (disabled) depending on your requirements and then save each file. If the AUDIT_TRAIL entry is not present in the files, then the audit trail will be disabled - if you need to enable it, please add the entry as shown below. The examples below show the audit trail set to true (enabled):
| Microsoft Windows traditional installer ≥ 2.17 | {
"PORT": "9001",
"NEO4J_BOLT_ENDPOINT": "127.0.0.1:7687",
"NEO4J_USERNAME": "neo4j",
"NEO4J_PASSWORD": "imaging",
"NEO4J_IMPORT_PATH": "C:\\ProgramData\\CAST\\ImagingSystem\\Neo4j_data\\import",
"NEO4J_ARCHIVE_PATH": "C:\\ProgramData\\CAST\\ImagingSystem\\Neo4j_data\\import\\archive",
"NEO4J_IMPORT_BATCH_SIZE": "1000",
"TOKEN": "D5ED6A406775FC71B8D2A978883E8ED4",
"LOG_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\logs\\",
"LOG_LEVEL": "info",
"AUDIT_TRAIL": true,
"WEB_SERVICE_LINKER_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\web-service-linker",
"ETL_AUTOMATION_BINARY_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\imagingetl",
"CUSTOM_LEVELX": "C:\\Program Files\\CAST\\ImagingSystem\\imagingservice\\custom-levels.json",
"HTTP_ENDPOINT": "http://127.0.0.1:8084"
}
imagingservice.json {
"APP_CONFIG": "C:\\Users\\<user>\\AppData\\Roaming\\CAST\\ImagingSystem\\imagingservice\\app-config.json",
"PORT": "9000",
"NEO4J_USERNAME": "neo4j",
"NEO4J_PASSWORD": "imaging",
"NEO4J_BOLT_ENDPOINT": "127.0.0.1:7687",
"NEO4J_IMPORT_PATH": "C:\\ProgramData\\CAST\\ImagingSystem\\Neo4j_data\\import",
"TOKEN": "D5ED6A406775FC71B8D2A978883E8ED4",
"LOG_PATH": "C:\\Program Files\\CAST\\ImagingSystem\\logs\\",
"LOG_LEVEL": "info",
"AUDIT_TRAIL": true,
"LOGGER_TIMEOUT": 60
}
|
|---|---|
| Microsoft Windows traditional installer ≤ 2.16 | imagingetl.bat @echo off SetLocal EnableDelayedExpansion for %%a in (%0) do set CMDDIR=%%~dpa @set PATH=C:\Program Files\CAST\ImagingSystem\jdk\bin;%PATH% imagingetl.exe -PORT=9001 ^ -NEO4J_BOLT_ENDPOINT=127.0.0.1:7687 ^ -NEO4J_USERNAME="neo4j" ^ -NEO4J_PASSWORD="imaging" ^ -NEO4J_IMPORT_PATH="C:\Program Files\CAST\ImagingSystem/neo4j/import/" ^ -NEO4J_ARCHIVE_PATH="C:\Program Files\CAST\ImagingSystem/neo4j/import/archive/" ^ -NEO4J_IMPORT_BATCH_SIZE=1000 ^ -TOKEN "D5ED6A406775FC71B8D2A978883E8ED4" ^ -LOG_PATH="C:\Program Files\CAST\ImagingSystem/logs/" ^ -LOG_LEVEL=info ^ -AUDIT_TRAIL=true if errorlevel 1 exit /b 1 exit /b 0 imagingservice.bat @echo off SetLocal EnableDelayedExpansion for %%a in (%0) do set CMDDIR=%%~dpa @set PATH=C:\Program Files\CAST\ImagingSystem\jdk\bin;%PATH% imagingservice.exe -APP_CONFIG "C:\Users\James\AppData\Roaming\CAST\ImagingSystem\imagingservice/app-config.json" ^ -PORT 9000 ^ -NEO4J_USERNAME "neo4j" ^ -NEO4J_PASSWORD "imaging" ^ -NEO4J_BOLT_ENDPOINT "127.0.0.1:7687" ^ -NEO4J_IMPORT_PATH "C:\Program Files\CAST\ImagingSystem/neo4j/import/" ^ -TOKEN "D5ED6A406775FC71B8D2A978883E8ED4" ^ -LOG_PATH="C:\Program Files\CAST\ImagingSystem/logs/" ^ -LOG_LEVEL=info ^ -AUDIT_TRAIL=true if errorlevel 1 exit /b 1 exit /b 0 |
| Docker for Linux/Windows | server/app.config {
"PORT": "9000",
"NEO4J_USERNAME": "neo4j",
"NEO4J_PASSWORD": "imaging",
"NEO4J_BOLT_ENDPOINT": "neo4j:7687",
"ETL_ENDPOINT": "etl:9001",
"TOKEN": "__my_token__",
"NEO4J_IMPORT_PATH": "/opt/imaging/imaging-service/upload/",
"LOG_PATH": "/opt/imaging/imaging-service/logs/",
"LOG_LEVEL": "debug",
"AUDIT_TRAIL": true,
"APP_CONFIG": "app-config.json"
}
etl/app.config {
"PORT": "9001",
"NEO4J_BOLT_ENDPOINT": "neo4j:7687",
"NEO4J_USERNAME": "neo4j",
"NEO4J_PASSWORD": "imaging",
"TOKEN": "__my_token__",
"NEO4J_IMPORT_PATH": "/opt/imaging/imaging-etl/upload/",
"NEO4J_ARCHIVE_PATH": "/opt/imaging/imaging-etl/upload/archive/",
"NEO4J_IMPORT_BATCH_SIZE": "1000",
"LOG_PATH": "/opt/imaging/imaging-etl/logs/",
"LOG_LEVEL": "debug",
"AUDIT_TRAIL": true
}
|
Applying the changes
Restart all CAST Imaging services to apply the changes.
