Audit Trail

The Tetra Data Platform (TDP) has an audit trail feature that automatically logs system and user actions. As an Admin user, you can access the audit trail page, filter and view audit trail records, and download them to a CSV for further analysis.

Audit trail records can be accessed but they cannot be altered. As a result, you can use this feature for the auditing of, and compliance with 21 CFR reporting.

πŸ“˜

Disabling the Audit Trail

You should disable the audit trail for development environments only. If you disable the audit trail for production environments, you may not be able to be satisfy GxP quality guidelines and regulations.

Audit trail records include:

  • User Actions (performed by users in the TDP software).
  • System Actions (programmatically performed in the TDP software).

πŸ“˜

AWS and Auditing Information

  • Tetra Agent audit information displays in AWS CloudWatch.
  • AWS Infrastructure logs that contain automated and user-initiated data is captured in AWS CloudWatch and CloudTrail. For details about these features, click these AWS documentation links: CloudWatch and CloudTrail.

Access the Audit Trail Page

To access the page as an Admin user:

  1. In the Tetra Data Platform, click the Hamburger icon at the top left corner of the page to expand the TDP menu options (or hover over the list of icons to display the menu options):
4747

Hamburger icon

  1. From the Tetra Data Platform, click Account from the left side of the page.
  2. Click Audit Trail to open the Audit Trail page. The audit log records display listing the most recent records at the top of the page:
15741574

Audit Trail

πŸ“˜

Possible Time Lag

There may be a possible time lag of up to five minutes for actions to display in the Audit Trail page.

View and Filter Audit Trail Records

To view and filter audit trail records, you can select various options at the top of the page. To view all of the audit trail records, leave all filter fields blank.

Audit Trail Filters

FilterDescription
- Change Reason (if GxP enabled)
- User Name
- Entity Name
If GxP was enabled as a compliance setting for eSignatures, then you can filter audit records by change reason (explains the meaning of the eSignature). Additionally, you can search audit records by change reason by entering text in the Search box.

The name of the user or entity who/that initiated the action. The name may be a service user's name or an individual user's name.

For example, to see all of the authorization tokens that a specific user created, select User Name from the Filter dropdown, then enter the specific user name in the field.
From/To DateSelect the start (From) and end (To) date range from the calendar to view audit logs that were generated on or between those specific dates.

The To Date is exclusive; for example, if you select From May 17, 2022 to May 18, 2022 (17-05-2022 - 18-05-2022), then only data from May 17, 2022 displays.

To view the audit logs for all dates, leave the field blank.
EntitySelect the component to review. For example, you could select Pipeline to view the logs related to pipelines.

To view the a list of the available entities and their corresponding actions, see the Entities and Logged Actions table.
ActionSelect the action that was performed on the entity. This field displays different information based on the selected entity. For example, if you select Pipeline as the entity, you could select to view all pipelines that were: created, updated, deleted, reprocessed, or submitted files for process.

To view the available entities and their corresponding actions, see the Entities and Logged Actions table.

Entities and Logged Actions

EntityAvailable Actions
AgentCreate, Update, Delete, Enable, Disable, Enable Queue, Disable Queue, Change Cloud Configuration, Change Local Configuration, Start Agent, Stop Agent
Auth TokenCreate, Copy
Database CredentialsCreate, Delete
DatahubActivate, Create, Update, Enable, Disable, Delete, Sync, Update Config
Datahub AgentCreate, Update, Delete, Enable, Disable
Datahub ConnectorCreate, Update, Enable, Disable, Delete
FileUpload, Update Labels, Update Tags, Update Metadata, Update Metadata & Tags, Delete
Filter FieldCreate, Delete
IntegrationCreate, Update, Delete
SourceCreate, Update, Delete, Enable, Disable, Enable Queue, Disable Queue
IoT DeviceCreate, Update, Delete, Enable, Disable
IoT AgentCreate, Update, Delete, Enable, Disable
IoT IntegrationCreate, Update, Delete
IoT SourceCreate, Update, Delete
LabelCreate, Delete
MetadataCreate, Delete
OrganizationCreate, Update, Delete
PipelineCreate, Update, Delete, Reprocess, Submit files for process
Service UserCreate, Update, Delete, Enable, Disable, Unlock, Change Role
Shared SecretCreate, Update, Delete
Shared SettingCreate, Update, Delete
UserCreate, Update, Delete, Enable, Disable, Unlock, Change Role, Change Password, Login Attempt, Reset password request
User SettingCreate, Update, Delete
TagCreate, Delete
WorkflowRestart
GIT IntegrationCreate, Update, Delete
Task Script ProfileCreate, Update
Task Script BuildCreate, Update, Delete
Feature FlagCreate, Update, Delete

View Audit Trail Results

After you select filters to view the audit trail records, information matching those filters displays on the page. To review the next page of results, click the page number or arrow keys at the bottom right corner of the page.

Audit Trail Result Fields

FieldDescription
EntityName of the entity that the action was performed on. The entity contains:
- Summary of the entity, such as the specific pipeline's name or the specific label's title.
- ID number of the specific entity.
- Click View Object to view the specific entity details in the TDP.
Entity TypeLists the entity type (see the Entities and Logged Actions table for a list.)
ActionDisplays the action performed by the Entity/Type. To view the available entities and their corresponding actions, see the Entities and Logged Actions table.

The action contains:
- Lists the type of action.
- Click View Change to review the code change.
UserUser who initiated the action. The user may be a service user's name or an individual user's name.

The user contains:
- Name of the user
- Type of user
- IP address
DateDate and time of the audit log entry.
Change ReasonIf GxP was enabled as a compliance setting for eSignatures, then the change reason displays in the last column (and if it is part of the eSignature, the ending of the authentication token also displays in the column).

Export Audit Trail History

To export your audit trail history to a CSV file:

  1. From the Audit Trail page, you can click one or more checkboxes for the audit logs you want to export. To select and export all of the records retrieved, click the checkbox next to the ENTITY column label.
374374

Audit Trail checkbox

  1. After you have selected one or more checkboxes, the Export xxx Selections to CSV button displays. Click the button to start the download process for the selected entities.
  2. The CSV file is downloaded and ready to use. The CSV file provides additional information not shown in the audit trail results list:
  • id - Unique identifier of the specific entities in the log files.
  • org_slug - Organizational slug of the actor
  • actor_id - Unique identifier for the actors
  • actor_type - Indicates the type of actor
  • actor_name - Name of the actor
  • actor_email - Email address of the actor
  • ip_address - Actor's IP address
  • host - Name of the host
  • auth_token_ending - Last seven characters of the authorization token
  • entity_name - Name of entity
  • entity_type - Type of entity
  • entity_id - ID for the entity
  • action - Action performed on the entity
  • before - Entity details before the action was taken. Typically, for create or login-attempt actions, this field remains empty. For update or delete actions, the field shows the state of the entity before the action occurred.
  • after - Entity details after the action was taken. For delete actions, this field typically is empty.
  • entity-schema-version - Schema version for the entity (if the entity has one)
  • created_at - Date/timestamp for the log entry

πŸ“˜

Log Retention

There is no purge policy for logs in the Audit Trail.

View Historical Audit Trail Data From Previous TDP Versions

To view the audit trail data for historical audit trail data prior to upgrade to version 3.0 (March 31, 2021) of the TDP:

  1. Click the Historical Audit Data link in the upper right corner of the Audit Trail page. The Historical Audit Data page displays:
12021202

Historical Audit Data

  1. You can adjust these filters to view the logs:
  • From date/time - Display log entries starting with this date and time.
  • To date/time - Display log entries through this date and time.
  • Apply Date/Time Filters - Click to apply the date/time filters.
  • Entity - Select the entity to view.
  1. To adjust the number of logs shown per page, you can select a number in the Logs per Page dropdown at the bottom of the page. You can also select to view a range of logs from 20 to all log entries.
  2. To export your results as a CSV file, click Export as CSV near the top right corner of the page. You can specify these fields to export:
  • From date - Enter from the date, or click the calendar to select the date
  • From time - Enter from the time, or click the clock to select the time.
  • To date - Enter from the date, or click the calendar to select the date
  • To time - Enter from the time, or click the clock to select the time.
  • Entity - Select all or a specific entity to export.
  1. Click Export.
  2. To return to the current Audit Trail page, click the Current Audit Data link at the top left of the page.