Using the Audit Log

Skip to end of metadata
Go to start of metadata

Introduction

The Audit Log is a tool that allows site administrators to view actions performed by users and administrators via the Console, or by end users to their own accounts (e.g., changing a password). All actions performed from within the console are audited, as well as end-user actions involving the APIs listed below. API calls using application keys are not audited, except where otherwise noted.

Audited events are stored for one year from the date they occurred.

Although all audited events are logged, they may not appear in the Audit Log if the user/group viewing the page doesn't have the necessary privileges. These privileges may restrict viewing items at the site level, or allow viewing items on a global, partner level. 

Watch an Instructional Video

If you have a Gigya Academy membership, you can watch instructional videos about this and other Gigya products. To access Gigya Academy content, you should first make sure you are logged into the Gigya Console

Gigya Academy is a premium product that requires separate activation. If it is not part of your site package, please contact your Account Manager or contact us by filling in a support form on our site. You can also access the support page by clicking "Support" on the upper menu of Gigya's site.

To watch a video about the Audit Log, Gigya Academy members can use this link.

The Audit Log is a feature of the 'Identity Enterprise' package, which is a premium service that requires activation. If it is not part of your site package, please contact Gigya  Support  via the  Console .

The Audit Log


Clicking a log entry expands it to display extended information:

           

The Extended Information Panel

The extended information panel contains a number of features to help you make the most of your log data. In addition to basic data about the API call, the panel includes:

  1. The Magnifier: Appears while hovering over any field value which allows filtering via the Advanced Query tool. Clicking the magnifier will automatically add the current field and value to the Advanced Query box and submits the current query. 
  2. The Response: Appears for every API call and contains the error code, error message and error details (in case of an error). If no error occurred, the Details field does not appear.
  3. The Request Parameters: Appears for every API call and contains the list of parameters (including values) submitted with the request.

Note: When the User/App field contains 'Gigya Admin' it means that the current log entry refers to an action performed by Gigya.

Advanced Queries

The Audit Log includes an Advanced Query tool which allows you to view audit log entries using SQL syntax. See the audit.search documentation for a complete explanation on supported SQL operations and syntax. It's important to note that the advanced query is a WHERE clause that is automatically appended to the selected dates and the Configuration updates only option. That is, the SELECT ...... FROM .... WHERE portion of the query is automatically implied.

For example, a query for all actions performed via any socialize API between Aug 16, 2015 and Aug 17, 2015:

 endpoint LIKE 'socialize%' AND @timestamp > '2015-08-16T00:00:00.000Z' AND @timestamp < '2015-08-17T00:00:00.000Z'

Global Entries

When an entry is marked Global, it designates an API call made outside the scope of a specific site. These APIs are used to create sites, get user and group information, get and set ACLs, and more.

Configuration Updates Only

Selecting the Configurations updates only option filters the Audit Log by 'get', 'set' and 'update' APIs, even when using advanced queries. The following APIs are displayed when Configuration updates only is selected:

Accounts accounts.deleteScreenSet  GM gm.setActionConfig
 accounts.registerCounters  gm.setChallengeConfig
    gm.setGlobalConfig
--------------------------------------------------- --------------------------------------------------
IDS ids.registerCounters Comments comments.setCategoryInfo
 ids.setSchema  comments.setStreamInfo
 ids.unregisterCounters --------------------------------------------------
---------------------------------------------------   
FIDM.SAML Gigya as SAML SP    
 fidm.saml.delIdP 

 fidm.saml.importIdPMetadata 

 fidm.saml.registerIdP 

 

 

 

 

Audited APIs

The following APIs are audited in addition to all actions performed via the Console. This means that any action performed by end users via these APIs will appear in the Audit Log:

Accounts    Socialize socialize.addConnection
 accounts.deleteAccount *application keys audited  socialize.login
 accounts.deleteSchemafields  socialize.deleteAccount *application keys audited
 accounts.deleteScreenSet  socialize.logout
 accounts.finalizeRegistration  socialize.notifyLogin
 accounts.initRegistration  socialize.removeConnection
 accounts.isAvailableLoginID  socialize.setProviderConfig
 accounts.linkAccounts  socialize.setUID
 accounts.login (appears as socialize.login) *application keys audited   
 accounts.logout ------------------------------------------------------------
 accounts.notifyLogin  FIDM.SAML Gigya as SAML SP
 accounts.rba.setPolicy  fidm.saml.delIdP
 accounts.rba.unlock  fidm.saml.getConfig
 accounts.register *application keys audited  fidm.saml.getRegisteredIdPs
 accounts.removeConnection  fidm.saml.importIdPMetadata
 accounts.resetPassword  fidm.saml.registerIdP
 accounts.setAccountInfo *application keys audited  fidm.saml.setConfig
 accounts.setPassword ------------------------------------------------------------
 accounts.setPolicies  FIDM.SAML Gigya as SAML IdP
 accounts.setUID  fidm.saml.idp.delSP
 accounts.setSchema  fidm.saml.idp.getConfig
 accounts.setScreenSet  fidm.saml.idp.getRegisteredSPs
 accounts.socialLogin (appears as socialize.login)  fidm.saml.idp.importSPMetadata
 accounts.tfa.*  fidm.saml.idp.registerSP
 accounts.verifyEmail  fidm.saml.idp.setConfig
---------------------------------------------------------------------- -------------
-----------------------------------------------
Admin All APIs in the admin namespace are audited  DS ds.deleteSchemaFields

Please note that events may or may not appear in the audit log, depending on the privileges granted to the user/group viewing the log.

Additional Information

Operations performed by a Lite account (opposed to a Full Registered User) can be distinguished by "authType": "liteRegToken".

Any events occuring via an OIDC RP are logged like any other social network interaction. OIDC OP events are not audited. 

 

 

  • No labels