Overview
Starting with version 2.6.0, Management Console keeps records of activity going on there. All events are recorded in JSON format in audit.log file, located in Console's storage folder and makes it possible to monitor users that login or logout and make changes to Resilio Connect configuration.
By default audit log rotates: when the file reached 104 Mb size, it's zipped up. Console keeps 10 of such zip files. Rotation settings can be changed in MC configuration file in section "loggers".
Audit Log Format
Audit log has the following format:
- Only action and timestamp are present in all events
- Other fields may be missing, depending on the event itself
{
"action": "action performed by a user or agent" ,
"timestamp": "timestamp of event in unix format in milliseconds ,
"source": {"Information about source machine of the action, IP address, device and browser agent of a user who performed an action, when user tries to login or agent tries to connect"}
"initiator":{ "by model - a user or an object who initiated the action" },
"target": {"by model - object that is changed/created by action"},
"parameters": {"different actions for different object types have their own set of parameters"}
"changes": {
"to": {"new object's settings" },
"from": {"previous object's settings. For new objects this field is empty. }
}
}
Audit Log Parameters
“_type” indicates the object model from which ( if “initiator”) or on which (if “target”) action was performed:
- MC’s user:
InternalUserModel
- Agent:
ClientModel
- MC’s user group:
UserGroupModel
- Domain Service User:
DSUserModel
- Domain Service user group:
DSGroupModel
- Management Console. Is source when new agent connects or at failed agent connect attempt:
Server
- Is source when job run is started or stopped by schedule:
Schedule
- Reset password, create new user or restore backup from a terminal via srvctrl:
SRVCTRL
- By API token:
API
- Agent connected to MC and is now waiting for being approved:
PendingAgentModel
Note
Additionally, following types are the models of newly created objects, pretty self-descriptive:ActiveDirectoryConfigModel
, AgentProfileModel
, ApiTokenModel
, BackupJobModel
(consolidation job), BackupModel
, BootstrapTokenModel
, GroupModel
, JobProfileModel
, MailerTransporterModel
, LicenseModel
, ScheduleModel
, ScriptJobModel
, ServerProfileModel
, SyncJobModel
, SupportRequestModel
, TagModel
, TransferJobModel
(distribution job), JobSubscriptionModel
, EmailUserNotificationDestinationModel
, EmailNotificationDestinationModel
, WebHookNotificationDestinationModel
,WebHookModel
, IgnoredErrorModel
, AbortTransferErrorModel
;The following actions are implemented:
create / delete / update |
Object (‘target’) was created, updated or deleted. If a new agent connects to MC or shows up a list of approval this counts as ‘create’ action. When an admin approves or declines new agents, new event with action ‘update’ on ClientModel appears. If the action is performed with a cloud storage, the storage's name are recorded as 'target' and storage parameters as 'changes'. |
start / stop |
Management Console process starts or stops. When restoring backup, these two events appear automatically, since restoring backup is accompanied with MC restart. In v4.1.0 the entry includes MC version as well. |
sign up / login / logout |
User actions for accessing MC UI. Action 'failed login attempt' means user entered an invalid username. After 10 failed login attempts, user is blocked and event 'block' appears. |
generate reset password token |
'generate reset password token’ action means that super admin generated reset password token for blocked user via MC UI or generated reset password link for user via srvctrl. |
restore backup |
Backup is restored by a user or from terminal via srvctrl. This event is followed by MC restart with two events stop/start accordingly. |
invalid api token |
Action of an API request with an invalid token. |
failed agent connect attempt |
The agent failed to connect to MC because of invalid bootstrap token. |
rename agent |
The agent is renamed by admin from MC UI. |
restart agent attempt |
The agent was restarted from MC UI. It says 'attempt' cause MC only sends shutdown signal and does not control the startup of the agent. |
stop initial synchronization
|
Initial synchronization with Reference Agent was manually stopped by a user. |