Audit log

Use the audit log entries to monitor activity of REST API calls within the IBM Spectrum® Discover environment, including the API endpoint that was used.

You can obtain the audit log entries by using the FFDC script. For more information, see Using the FFDC script.
Note: The FFDC script redacts user account and IP address information in the audit log entries.

To view audit log entries, extract the output from the compressed file that is generated by the FFDC script. You can use a text editor to read the FFDC output. Audit log entries are in JSON format and are identified in the FFDC output by the string AUDIT in the type field.

For more information about API endpoints in the IBM Spectrum Discover environment, see REST API in Data Cataloging: REST API GuideREST API for Data Cataloging.

The audit log includes the following fields:

The service that processed the request. The service and node name are included. The following details are optional: namespace, serviceInstance, and containerId.
The request ID that is returned back to the client, or a correlation tag that is used for internal tracking.
The time that the request was received.
The API endpoint that made the request.
The IP address of the server or node that processed the request.
The identification string of the user agent that made the request.
The log entry type: AUDIT
Size of the response, in bytes, sent back to the client.
The IP address from which the request originates.
The protocol of the request.
The latency of the request in milliseconds.
The return code that is provided to the client.
The user name and the authentication scheme, bearer (for LDAP) or basic (for local authentication).