Audit logging

You can write the audit logs to memory or capture them in a file.

An audit log operation can be one of the following:

EXPORT_QUERY
DISCOVERY_QUERY
IMPORT_MUTATION
METADATA_QUERY
REFERENCED_OBJECT_RETRIEVAL
UPDATE_OOO_PROPERTIES
UTIL_QUERY_ALL

The CCX-deployment API includes the AuditLogger class. When an AuditLogger object is supplied to the API, it captures all the GraphQL requests that are executed. The audit entries are saved to a file when a file_path is supplied. The following example creates an AuditLogger object:

audit_logger = AuditLogger()

If no file is specified when you construct the AuditLogger object, the entries are only held in memory up to a maximum number of entries. Once the limit is reached, older entries are dropped as new entries are added.

The following example creates an AuditLogger object with an argument that includes a file where the audit entries are written to:

audit_logger = AuditLogger(file_path="audit.log")

When a file is specified, you can include additional arguments to control whether you want to write the audit entries immediately to a file or keep in memory up to the maximum and then move the entries to the file. You can include an argument to specify the maximum number of audit entries that can be written to memory. When the maximum number of audit entries in memory is reached, the entries are moved to the file, making room for additional entries. If you do not want to write the audit entries immediately to a file, invoke the AuditLogger to ensure that all entries that are held in memory are written to the file:

audit_logger.write()

Each audit entry has the following format:

[<timestamp>] <Log operation> - Query: <GraphQL query or mutation text> - Time Elapsed: <Number of seconds>