Audit Logs

Your Sisense Server can generate audit logs for privileged access, including operations such as creating, updating, or deleting users, groups, and system definitions. These logs are useful for governing your deployments and keeping track of the user permissions and access rights defined in the system and who modified them. The audit logs are generated locally on your Sisense Server, and are never sent externally. No information is shared with Sisense.

By default, Sisense does not generate audit logs and you must activate them if you want to collect the audit log records. Once you have activated the logs, Sisense generates a daily log file. The log files are retained for 30 days and then deleted. You can modify the retention period as needed up to 9999 days per your company's security policy.

The following operations are logged by Sisense:

  • User authentication and authorization, including: User logins, user logins through SSO, successful login attempt, failed login attempt, and password reset
  • Creating, updating, and deleting users
  • Creating, updating, and deleting groups
  • Creating, updating, and deleting row-based security rules
  • Dashboard sharing and modifying a dashboard share
  • Model sharing and modifying a model share
  • System setting changes, including any feature toggle On/Off
  • License modification

Activating Audit Logs

To create daily audit logs:

  1. Click Admin, search for and select System Management which is located under Server & Hardware, and click Configuration to open the Configuration Manager.

  2. Expand the Audit Logs section.
  3. Enable the Enable Audit Log option.
    If you enable this option, click Save at the bottom of the page and click OK to apply the changes and restart the relevant Sisense services.
  4. (Optional) In Retention Period (days) enter the number of days your logs should be saved on the Sisense Server.
  5. Click Save. Sisense begins to generate audit log files that are continuously updated.

Accessing Your Audit Logs

Each day Sisense creates a new audit file with the filename format audit_yyyy-mm-dd.txt.

You can access your audit logs in any of the following ways:

  • Your daily audit logs are saved on your Sisense Server in the directory /opt/sisense/storage/tenants/<tenant_id>/audit.

Note:

The audit logs are located within the relevant tenant, which you can access via the file browser.

  • Click Admin, search for and select System Management, and click File Management. Note that the File Management feature must be enabled in the Feature Management section in order for it to appear here. In the File Management window, open the audit folder.

  • Through the Droppy web interface.

Viewing Your Audit Logs

Sisense records events in your audit logs in strings that describe when the event occurred, who performed it, and what the event was. For example, the string below describes an event where a new user was added.
1594740369444 2020-07-14 15:26:09 admin@sisense.com add group [{"name":"DataAdmins"}]

Example

Name

Description

1594740342685

Event ID

An ID generated by Sisense for each event.

2020-07-14 15:25:42

Time

A timestamp of when the event occurred.

super@sisense.com

User ID

The ID of the user who performed the action.

Add group

Event

The action the user performed.

[{"name":"DataAdmins"}]

Event Object

The Event Object contains an object with key-value pairs that provide more information about the event. In this example, the key-value pair is the name of the group created. Other objects for events like creating users contain additional key-value pairs such as the name of the user created, the time the user was created, and if the user was added to a group.

Downloading Audit Logs through the REST API

To retrieve your logs easily and automatically, Sisense has exposed REST API endpoints that you can leverage to transfer your logs to a remote location.

You can find the following endpoint in V2 of the Sisense REST API:

GET /api/v2/audit

To access audit files via API:

  1. Ensure that File Manager is enabled.

  2. Use the /api/v2/audit endpoint to retrieve the list of available files and their locations.

  3. Use the file manager endpoint to download a file from that list:
    {server}/app/explore/api/raw/tenants/<tenant_id>/audit/{file name}

For example:

If running the list audit files endpoint returned the following result:

[

{

"file": "audit_2022-12-22-15-37-28.txt",

"valid": true,

"filePath": "/opt/sisense/storage/tenants/<tenant_id>/audit"

},

{

"file": "audit_2022-12-26-07-54-54.txt",

"valid": true,

"filePath": "/opt/sisense/storage/tenants/<tenant_id>/audit"

}

]

If you want to retrieve the first file, run GET this URL:

https://{server}/app/explore/api/raw/tenants/<tenant_id>/audit/audit_2022-12-22-15-37-28.txt