Audit Logs
  • 18 May 2022
  • 2 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Audit Logs

  • Dark
    Light
  • PDF

Your Sisense Server can generate audit logs for privileged access, including operations such as creating, updating, or deleting users, groups, and system definitions. These logs are useful for governing your deployments and keeping track of the user permissions and access rights defined in the system and who modified them. The audit logs are generated locally on your Sisense Server, and are never sent externally. No information is shared with Sisense.

By default, Sisense does not generate audit logs and you must activate them if you want to collect the audit log records. Once you have activated the logs, Sisense generates a daily log file. The log files are retained for 30 days and then deleted. You can modify the retention period as needed up to 9999 days per your company's security policy.

The following operations are logged by Sisense:

  • User logins
  • User logins through SSO with SAML
  • Creating, updating, and deleting users
  • Creating, updating, and deleting groups
  • Creating, updating, and deleting row-based security rules
  • Dashboard sharing
  • Model sharing
  • System setting changes

Activating Audit Logs

To create daily audit logs:

  1. Open the Configuration Manager by opening the Admin page, selecting System Management from the panel, and clicking Configuration.
  2. Expand the Audit Logs section.
  3. Enable the Enable Audit Log option.
    If you enable this option, click Save at the bottom of the page and click OK to apply the changes and restart the relevant Sisense services.
  4. (Optional) In Retention Period (days) enter the number of days your logs should be saved on the Sisense Server.
  5. Click Save. Sisense begins to generate audit log files that are continuously updated.

Accessing Your Audit Logs

Each day Sisense creates a new audit file with the filename format audit_yyyy-mm-dd.txt.

Your daily audit logs are saved on your Sisense Server in the directory /opt/sisense/storage. You can also access the log files through the Droppy web interface.

Viewing Your Audit Logs

Sisense records events in your audit logs in strings that describe when the event occurred, who performed it, and what the event was. For example, the string below describes an event where a new user was added.
1594740369444 2020-07-14 15:26:09 admin@sisense.com add group [{"name":"DataAdmins"}]

Example

Name

Description

1594740342685

Event ID

An ID generated by Sisense for each event. 

2020-07-14 15:25:42

Time

A timestamp of when the event occurred. 

super@sisense.com

User ID

The ID of the user who performed the action.

Add group

Event

The action the user performed. 

[{"name":"DataAdmins"}]

Event Object

The Event Object contains an object with key-value pairs that provide more information about the event. In this example, the key-value pair is the name of the group created. Other objects for events like creating users contain additional key-value pairs such as the name of the user created, the time the user was created, and if the user was added to a group. 

Downloading Audit Logs through the REST API

To retrieve your logs easily and automatically, Sisense has exposed REST API endpoints that you can leverage to transfer your logs to a remote location.

You can find the following endpoint in V2 of the Sisense REST API:

GET /api/v2/audit


Was this article helpful?