Audit Log Fields
Auditing events on the gateway are informational, the default auditing level is informational (INFO) and it cannot be changed.
The Audit logs located at
have the following structure:
EVENT_PUBLISHING_TIMEROOT_REQUEST_ID | PARENT_REQUEST_ID | REQUEST_ID | LOGGER_NAME | TARGET_SERVICE_NAME | USER_NAME | PROXY_USER_NAME | SYSTEM_USER_NAME | ACTION | RESOURCE_TYPE | RESOURCE_NAME | OUTCOME | LOGGING_MESSAGE
EVENT_PUBLISHING_TIME : contains the timestamp when record was written.
ROOT_REQUEST_ID : Reserved, the field is empty.
PARENT_REQUEST_ID : Reserved, the field is empty.
REQUEST_ID : contains a unique value representing the request.
LOGGER_NAME : contains the logger name. For example
TARGET_SERVICE_NAME : contains the name of the service. Empty indicates that the audit record is not linked to a service. For example, an audit record for topology deployment.
USER_NAME : contains the ID of the user who initiated session with Knox Gateway.
PROXY_USER_NAME : contains the authenticated user name.
SYSTEM_USER_NAME : Reserved, field is empty.
ACTION : contains the executed action type. The value is either authentication, authorization, redeploy, deploy, undeploy, identity-mapping, dispatch, or access.
RESOURCE_TYPE contains the resource type of the action. The value is either
RESOURCE_NAME : contains the process name of the resource. For example,
topologyshows the inbound or dispatch request path and
principalshows the name of mapped user.
OUTCOME contains the action results,
LOGGING_MESSAGE contains additional tracking information, such as the HTTP status code.