Logging

Table of Contents

Graphlytic logging

Graphlytic uses slf4j and logback binding.

Configuration

Logging levels, loggers, appenders, and general log turning on/off is configured in the <GRAPHLYTIC_HOME>/conf/logback.xml file.

The location of log directory with all produced logs is configured in the <GRAPHLYTIC_HOME>/conf/graphlytic.conf file.

Logs

Common log

file: graphlytic.log

Contains all logs.

Audit log

Backend Audit log

File: graphlytic-audit.log

Contains backend audit logs (a subset of the common log):

  • when a user was successfully logged into Graphlytic (time, name of the user)

  • information about unsuccessful authentication (time, name of the user)

  • information about data changing operations for nodes and relationships (create, update, delete) (time, name of the user, name of the operation).

Format of the log record (row in the log file)

<timestamp> INFO AUDIT_LOGGER:<loggerInstanceId> - AUDIT <action> <actionData>
  • timestamp - system time

  • loggerInstanceId - internal Java logger id, not usable for audit reporting

  • action - action code, like CSV_EXPORT_NODE or VIS_ACCESS

  • actionData - here are key:value pairs with data specific to the <action>. Every action can have different actionData stored

Implemented events

Action

Custom Data

Note

LOGIN_SUCCESS

prior to Graphlytic 3.0.0 logged as "USER auth success"

LOGIN_FAILURE

prior to Graphlytic 3.0.0 logged as "USER auth fail"

LOGOUT_SUCCESS

CSV_EXPORT_NODES

numOfRecords

numOfRecords - number of exported rows with data

CSV_EXPORT_RELS

numOfRecords

numOfRecords - number of exported rows with data

PNG_EXPORT

VIS_CREATE

visId

visId - The ID of the created visualization

VIS_ACCESS

visId

visId -The ID of the accessed visualization

VIS_SHARE_USERS

addedUsers, removedUsers

images/s/en_US/8100/655541fd8de32cde09f1d3f09341851d946007a5/_/images/icons/emoticons/warning.svg Note: the VIS_SHARE_USERS and VIS_SHARE_GROUPS are always as double record log (two log rows for one action) because with one frontend action of vis sharing there are two backend calls (one call is for change in user sharing list and one is for change in group sharing list)

VIS_SHARE_GROUPS

addedGroups, removedGroups

CREATE_NODE

UPDATE_NODE

UPDATE_NODES

updatedNodes

updatedNodes - number of updated nodes

DELETE_NODE

CREATE_RELATIONSHIP

UPDATE_RELATIONSHIP

DELETE_NODE_RELATIONSHIP

Examples

Examples
20.01.16 10:09:13.198 INFO AUDIT_LOGGER:30 - AUDIT LOGIN_SUCCESS user:'admin'
20.01.16 10:09:24.502 INFO AUDIT_LOGGER:964 - AUDIT CSV_EXPORT_NODES user:'admin' numOfRecords:16
20.01.16 10:09:55.815 INFO AUDIT_LOGGER:1118 - AUDIT CSV_EXPORT_RELS user:'admin' numOfRecords:2217
20.01.16 10:10:00.266 INFO AUDIT_LOGGER:111 - AUDIT PNG_EXPORT user:'admin'
20.01.16 10:12:13.479 INFO AUDIT_LOGGER:99 - AUDIT VIS_ACCESS user:'admin' visId:2
20.01.16 10:12:25.981 INFO AUDIT_LOGGER:148 - AUDIT CSV_EXPORT_WIDGET user:'admin' numOfRecords:2656
20.01.16 10:13:55.033 INFO AUDIT_LOGGER:43 - AUDIT LOGIN_FAILURE user:'admin' exception:'Bad credentials'
20.01.16 10:14:04.059 INFO AUDIT_LOGGER:43 - AUDIT LOGIN_FAILURE user:'someLoginFail' exception:'Bad credentials'
20.01.16 10:14:16.990 INFO AUDIT_LOGGER:30 - AUDIT LOGIN_SUCCESS user:'admin'
20.01.16 10:14:20.662 INFO AUDIT_LOGGER:99 - AUDIT VIS_ACCESS user:'admin' visId:2
20.01.16 10:24:26.603 INFO AUDIT_LOGGER:411 - AUDIT VIS_SHARE_USERS user:'admin' visId:2 addedUsers:0 removedUsers:0
20.01.16 10:24:26.604 INFO AUDIT_LOGGER:449 - AUDIT VIS_SHARE_GROUPS user:'admin' visId:2 addedGroups:1 removedGroups:0

Frontend Audit log

File: graphlytic-frontend.log

Contains audit logs (a subset of the common log) of the Graphlytic frontend application with richer context information, e.g. about exploring.

Format of the log record (row in the log file)

graphlytic-frontend.log
{"serverTimestamp":"2020-02-13T16:44:29.342+01:00","userLogin":"admin","ipAddress":"0:0:0:0:0:0:0:1","eventType":"EXPLORING","urlPath":"/visualization","exploringMode":"FINAL_DATA","exploredNodeIds":["2","5"]}

Implemented events

Action

Custom Data

EXPLORING

  • exploringMode: "FINAL_DATA" (without opening of the explore filter), "USER_FILTER" (with opened explore filter)

  • exploredNodeIds: Neo4j IDs of explored nodes

  • noFilter: flag. True if no filtering options were used. False if nodes or edges filtering was used.

Audit Log REST API

GET /audit/data

Service GET /audit/data can be used to read normalized audit log data.

Every record (a parsed line from an audit log file) consists of these attributes:

Record attribute

Data type

Description

logger

String

Logger identification. Values are "BE" (backend logger) or "FE" (frontend logger)

dateTime

Number

Epoch time of the logged event

username

String

Username of the user who created the event.

action

String

Audit event action. Values: see the chapter below.

json

null or Object

Additional data for the event. The structure is dependent on the "action" value.

Example of response
[
{
"logger": "BE",
"dateTime": 1581155429371,
"action": "LOGIN_SUCCESS",
"username": "admin",
"json": null
},
{
"logger": "BE",
"dateTime": 1581193189302,
"action": "UPDATE_NODE",
"username": "admin",
"json": null
},
{
"logger": "FE",
"dateTime": 1583488172967,
"action": "EXPLORING",
"username": "admin",
"json":{
"serverTimestamp": "2020-03-06T10:49:32.967+01:00",
"userLogin": "admin",
"ipAddress": "0:0:0:0:0:0:0:1",
"eventType": "EXPLORING",
"urlPath": "/visualization",
"exploringMode": "FINAL_DATA",
"exploredNodeIds":["46152", "46153", "46154", "46155"]
}
}
]

POST /audit/data/frontend

Graphlytic REST API service for frontend events collecting. Can be used in custom widgets to log specific user behavior.

Request example
{
"eventType" : "some event type",
"urlPath" : "...",
"userTimestamp" : "...",
...other event data entered as key:value pairs...
}